Let's be clear: the Chinese state detains people all the time, based on many sources of information, probably the least important being interception of keystrokes to Signal in an input method app. They own all the app makers and the app stores. They can push a specific version of an app to a specific person. Frankly it is meaningless to rely on Signal on a device like that.
The OWS team is small. They don't have a social media team like big corps do, tracking social issue engagement, what big accounts have tweeted etc, and it is ridiculous and counter-productive to be going off about it.
Yes OWS is small, but a major security vulnerability for a country with over a billion people seems worth addressing, no? Naomi Wu is certainly a big account on Twitter and we can see from TFA that Moxie and OWS are aware of this complaint. The question is what to do about it. If you read TFA you will see that the best suggestion seems to be a warning to users using any third party IME. Seems quite reasonable to me.
If the keyboard is leaking keystrokes or word searches on a wide basis it would be difficult to hide technically. DFIR techniques for this are pretty straightforward, I'm sure plenty of people in HK could do it. Why no details?
But ultimately this is a much bigger Android problem, and won't be solved by fixing the keyboard (which OWS is obviously unqualified and ill-equipped to do). A broad ranging device lockdown guide, and OPSEC training (like [1] but for protest groups), is necessary to have anything except illusory protection. I don't think OWS should get into the business of issuing security advisories for all the platforms that they port to.
The pro-democracy groups seem to have this stuff figured out as well as you can and still have a visible protest movement. Very much following Chairman Mao: "The revolutionary must swim with the fishes."
