Haven't looked at it in a while, but when I did previously it was prone to the nearly universal Android issue of leaking data through AccessibilityService, which is basically this:

I leave my phone on my desk, Bob grabs it while I'm in the bathroom, turns on Unknown Sources, installs an apk from a known URL which implements an accessibility service that forwards all TextView contents over to his nefarious logging servers.

Once he installs this service (rooting and USB connection not required, just physical access to a non-PIN-locked phone, and it takes about 5-10 seconds to do if you've already posted an apk ready to install to some public URL) it will always be running and come up on startup whenever the phone is rebooted and never show me any indication that it is running (unless the service ANRs or crashes or I go to the Accessibility settings page in the OS settings, which I am unlikely to do as a user who doesn't require any special accessibility features).

Bob then puts my phone back and I begin to use it unawares. All of my data that is displayed to the UI at all is leaking regardless of how secure the network protocol is.

Take-aways:

If you are an Android user and care about things like secure chat being actually secure, PIN protect your phone or glue the phone to your skin so nobody can install an APK without your knowledge.

If you create an ostensibly secure Android app, consider querying AccessibilityManager occasionally to take a look and see if any accessibility services are running, and if they are, indicate this to the user in some visible fashion that explains the risks. This allows people who have legitimate accessibility issues to use the app but mitigates the possibility of a data leak that the user is completely unaware of. Or alternately use an accessibility delegate on all your TextViews and other leaky widgets and have a setting in your app where, when this filtering is disabled, it is obvious to the user.
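
The AccessibilityManager check suggested in the comment above, sketched in Kotlin as an added example that is not part of the original comment or any particular app's code. `EnabledService`, `acknowledgedIds` and `onChange` are hypothetical app-side names; the Android calls are the platform's own.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.view.accessibility.AccessibilityManager

/** One enabled accessibility service, as shown to the user in the warning. */
data class EnabledService(val id: String, val label: String, val readsWindowContent: Boolean)

/**
 * Returns enabled accessibility services the user has not yet acknowledged.
 * `acknowledgedIds` is a hypothetical app-side set (e.g. kept in preferences)
 * of service IDs the user has confirmed they rely on.
 */
fun unacknowledgedAccessibilityServices(
    context: Context,
    acknowledgedIds: Set<String>
): List<EnabledService> {
    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    if (!am.isEnabled) return emptyList()
    return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .filter { it.id !in acknowledgedIds }
        .map { info ->
            EnabledService(
                id = info.id,
                label = info.resolveInfo.loadLabel(context.packageManager).toString(),
                // Services with this capability can read on-screen view content.
                readsWindowContent = (info.capabilities and
                    AccessibilityServiceInfo.CAPABILITY_CAN_RETRIEVE_WINDOW_CONTENT) != 0
            )
        }
}

/**
 * Re-checks whenever accessibility is toggled, so a service enabled while the
 * app is open is reported. `onChange` is a hypothetical UI callback that shows
 * or hides the warning; keep the returned listener to unregister it later.
 */
fun watchAccessibilityState(
    context: Context,
    acknowledgedIds: Set<String>,
    onChange: (List<EnabledService>) -> Unit
): AccessibilityManager.AccessibilityStateChangeListener {
    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    val listener = AccessibilityManager.AccessibilityStateChangeListener {
        onChange(unacknowledgedAccessibilityServices(context, acknowledgedIds))
    }
    am.addAccessibilityStateChangeListener(listener)
    onChange(unacknowledgedAccessibilityServices(context, acknowledgedIds)) // initial check
    return listener
}
```

The state listener fires when accessibility as a whole is switched on or off, so also call `unacknowledgedAccessibilityServices` from `onResume` to catch a service added while another was already enabled.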