PRIVA SCORE: Keyboard Apps (Update August 29, 2024)

Summary: The PRIVA SCORE for Keyboard Apps can reach a maximum of 312 points. Open Board and Fossify Keyboard have the highest level of data protection, while Google Gboard, Samsung Keyboard and Microsoft Swiftkey are not recommended. Fleksy and the iOS Keyboard have limitations on data analysis and Grammarly does not offer the option to turn these off. The location of the provider Apple and Microsoft in the USA means that the high level of data protection of the GDPR is not adhered to. As is often the case, Google is the "most curious".

Note on the update: The provider of the Simple apps, which also included the previously highly rated Simple Keyboard, was taken over and will henceforth advertise – which of course massively reduces the level of data protection. But there is a “Fork” by Fossify. Thanks to Mastodon user @Marwe for the tip.

The PRIVA SCORE can receive a maximum of 312 points when evaluating keyboard apps.
As always, the PRIVA SCORE evaluates how well apps/services Data protection features fulfill.

When evaluating keyboard apps Open Board and Fossify Keyboard perform best. They have the highest level of data protection (312 points each) of the apps compared here. They have a End-to-end encryption, do not save the entries, are open source/Open Source, demand little Permissions and are also top in terms of other functions.

Then there are some apps that only get a “yellow rating”. Fleksy is a solid app, but does not allow Opt-out for data analysis. The iOS Keyboard is not open source and the Location of the company Apple is of course the USA. This means that the high level of data protection provided by the GDPR is not adhered to there. Grammarly is not open source and, like Fleksy, does not offer the option to turn off data analysis.

The three apps that must be discouraged (86, 122 and 130 points) are Google Gboard, Samsung Keyboard and Microsoft Swiftkey. At Google is the End-to-end encryption only partially fulfilled and the Data analysis can only be partially objected to. Otherwise, this app does not fulfill any functions that would be necessary for data protection. The Samsung Keyboard, which is always preinstalled on Samsung phones, performs mediocre in most functions, but always saves the Inputs, requires many Permissions and the data that users have entered so far, cannot be deleted.

Microsoft Swiftkey is also not recommended. Mediocre performance in most functions does not represent a high level of data protection. In addition, Swiftkey is not open source and Microsoft is also based in the USA, so at least some of the processing takes place under a low level of data protection.

Explanation of data protection features

End-to-end encryption: This is the most important feature for data protection. It ensures that all input on the keyboard is encrypted before being sent over the Internet. This means that only authorized people can decrypt and read your data.

Saving the input: A good keyboard app does not store any information about keystrokes. This ensures that sensitive data such as passwords or credit card numbers are not stored on the app's servers.

open source/Open Source: For this function, a keyboard app whose code is openly accessible offers a higher level of data protection because it can be independently checked whether the manufacturer's information in the data protection policy is actually correct.

Opt-out for data analysis: Some keyboard apps analyze inputs to make personalized suggestions or improve typing accuracy. It's important that the app offers you the option to object to this analysis and keep your data private.
It must be said that this data analysis is a double-edged sword. The app's "learning" is of course a convenience feature. Having to constantly type in your email address, for example, is annoying. But this can be avoided, as with Open Board and Fossify KeyboardThese apps offer a "sticky note" on which frequently used terms can be entered. This is a little less convenient, but offers greater data protection.

Permissions to access data: A keyboard app should - and this applies to ALL apps - only request the permissions that are absolutely necessary for its functions. If a keyboard app unnecessarily wants to access sensitive data such as the phone function or location, this is a clear warning signal.

Location of the company: Some keyboard app providers operate servers in countries with weak data protection laws. In these countries, compliance with the high level of data protection of the European General Data Protection Regulation (GDPR) cannot be guaranteed.

Transparent data transfer: The app should be transparent about how it transmits data and whether it is encrypted. A secure connection (e.g. HTTPS) and clear information about how the data is transmitted are crucial for data protection.

Option to delete data: The app should offer the option to delete stored data. This is important, for example, if the app is no longer used. In principle, this is even a right under the GDPR (Article 17), but unfortunately only refers to personal data.


en_USEN