Privacy/security statement from project owner?

[Thomas Horsten]

First, thank you for an amazing input method, I've been looking for exactly this since I got my first Android phone over 9 years ago.

I do a lot of security related work using terminal emulators and web interfaces, and part of this involves typing passwords and other sensitive information. For this reason I need a certain level of trust in my keyboard. I use other open source apps and I'm aware of the potential risks from e.g. a maliciously modified ConnectBot or keyboard that leaks information about my sessions to an attacker.

This is a measured risk I need to take as a matter of expediency (and I have auto update turned off for apps such as ConnectBot and always wait a bit before installing a new update), but I would feel more at ease if the Hacker's Keyboard app's official documentation would contain a statement to the effect that the current version does not collect any keylogs and does not initiate any Internet connections and transmit any data unless specifically requested by the user, and that the developers will not knowingly release any new version that does so without explicitly asking the user for permission first (e.g. a configuration option that defaults to off).

Unfortunately since non-rooted Android has no easy way to completely disable Internet access for an app the only way I can feel relatively relaxed about this is to check the app data usage and feel reassured that it remains at zero (and go into a frenzied change-all-important-passwords panic attack if not :)

Sorry if all this sounds a bit paranoid, I'm sure it won't to those of you who work in the same field.

Cheers
Thomas