People who don’t type Chinese might be surprised to learn that popular Chinese Input Method Editor (IME) keyboards can act as keyloggers; they transmit your keystrokes over the Internet to enable “cloud-based” support features to improve character prediction when typing. Everyone might be surprised to learn that these keyloggers, which were already collecting everything you type into your device, were doing it insecurely. In this talk, we will describe how we systematically exploited every single popular Chinese IME keyboard vendor’s home-rolled network encryption protocol. Namely, we show how any network eavesdropper can read the keystrokes of what users of these vendors’ keyboards are typing. The affected keyboards include the three most popular Chinese IME keyboards, Sogou IME, Baidu IME, and iFlytek IME, collectively used by almost 800 million users, as well as default and pre-installed keyboards on basically every popular Android mobile device except for Huawei’s. We also discus