[est]

> end-to-end encryption would be the best practice

If you think about it, no it's not in this case.

The "end" you are refering to here, are mostly Chinese android phones.

The system just hook into your apk, read your (encrypted) sqlite3 local data, or screen-read your UI for content.

Even the Wechat realized how badly the landscape was, so they even rolled rolled out inhouse "input method" for "privacy conerns"