Highest Rated Comments


TMaster · 16 karma

When granting communication permissions to an app, you're giving the company not just a vote of confidence right now, but also in the future. By the time you learn of any problems, it may already be too late. That's why we need to focus on intrinsic security, especially since it doesn't need to come with any downsides here. Even the functionality that allegedly causes this issue is implemented incorrectly, as Google Backup can handle this easily by itself. Dictionary updates and software updates can also be handled by Google Play.

This issue is symptomatic of developers just generally not knowing what they are doing, or being told to go about something in the wrong way due to e.g. 'Not Invented Here' syndrome.

Data leaks are also not beneficial to businesses, but they happen all the time. I'm not accusing Nuance of malice. I'm simply pointing out horrible product design leading to a product that has zero intrinsic security.

I know very well about packet analyzers, but that too just ignores the real problem; intrinsically bad design.

It may sound paranoid, but large-scale abuses like the Sony XCP scandal show that companies that some think are respectable may in fact turn out to be strongly incapable of real security.

TMaster · 14 karma

If you know people dislike this, you should know that it's also entirely possible to just also release a version that never even asks for these permissions.

I'm not even aware of any functionality that would need to be removed - it just requires proper design that may be difficult for a company like Nuance. Like I said, dictionary and software updates can be done without this permission.

The permissions dialog is really only aggressive, because Swype requires an aggressive permission, and requires blind faith. KeyMonk (free / paid) shows it can be done without asking for a single unnecessary permission. The competition isn't waiting for you, so what are you waiting for?

Just some food for thought. I hope I explained properly above why privacy is so important to the users of an app that handles passwords.

TMaster · 14 karma

Are there plans for a version of Swype that does not require full network access, and preferably drops a bunch of other permissions as well?

Contrary to what some people think, most functionality can be implemented without this permission, including dictionary and software updates, while this permission does allow apps to upload any and all data, including passwords entered using Swype.

Having full network access requires users to have blind faith in the trustworthiness of Nuance, which I explicitly don't have.

Also, congratulations on releasing your keyboard on Google Play!

TMaster · 12 karma

The claims you made may be correct, but cannot be verified by end users.

It requires faith, since your app can still technically submit anything it likes. This is the opposite of security. This being 2013, such an approach is outdated. We've all seen examples of companies engaging in illegal activity before, so I'm sure you understand the need for this.

I'm glad you seem to agree though! In the end, both of us hopefully have the same thing in mind - a truly secure future Swype experience.

TMaster · 7 karma

I have some questions; I'd really appreciate it if you could answer all questions you know the answer to!

  • Do you use paper ballots exclusively?

  • How do you submit the totals?

  • How do you deal with accessibility issues; blind voters?

  • When do you verify whether there are enough ballots?

  • What happens when there aren't enough?

  • Do they get stored? Where, by whom and how long? Who has access?

  • What are your ballots like - that is, how do they look? Are they butterfly ballots?

  • Can you see what party a voter registered with?

  • Have you received instructions about limitations on who can be present during the counting of the votes?