Having heard lots on MPU about Textexpander I have been keen to give it a go. However, are there any security concerns. Effectively the software must be key logging everything you type? This is particularly a concern if the data is sent to the cloud. Any thoughts?
From what I gather, the content of your snippets are saved server side, and thus run the risk - assuming âtheyâ get through the security measures Smile Software side - of gaining access to those. Smile advises not to store sensitive data âinâ a snippet.
But as for key-logging, my understanding is that happens totally on device, and doesnât leave it either.
1 Like
I canât find it now but I remember at the launch of the subscription version there was discussion about how it failed to meet some ISO security standard and couldnât legally be used in a lot of educational and government settings.
(Edit) - see items 3.2 and 3.3 of their TOS
1 Like
The only data that should be sent is the snippets themselves for backup and syncing. I wouldnât say itâs logging everything you type but merely looking out for certain keystrokes to trigger a expansion. I wouldnât store passwords or other personal info in it, not even your address.
I would say the good news is that Apple takes passwords very seriously and have tech built in that password managers like 1Password use to block apps like TextExpander from ever seeing them. Youâll get a warning logo on TextExpander in the menu bar letting you know itâs been deactivated because of an app that needs critical info inputted.
I seem to recall reading the TextExpander dumps its key log buffer every time a space is typed and(?) whenever a snippet is expanded. My understanding was that this is the same whether the TE license was standalone or subscription and happened within the device.
1 Like
These might be useful articles to reference:
- Details about the life span of logged keys in Textexpander.
- Details of the encryption Textexpander uses.
But as has already been stated. Donât store anything in there that is particularly sensitive (e.g. passwords), But hopefully the encryption would be sufficient for most people who might wish to store home address, phone number, e-mail address, etc.
1 Like
Thanks for all the comments. It probably is âsafeâ to use, but as the app is constantly looking at everything typed into the computer, I guess I am still a little wary.
On iOS, for Apps that donât natively support TextExpander, TE canât read the keyboard unless you install and use the TextExpander keyboard, so using the Apple keyboard means no keystrokes are logged. If you want to expand a snippet, flip to the TE keyboard, type the snippet then return to the Apple keyboard. Takes a couple of extra keystrokes, but still less than the expanded snippet.
For Apps that directly support TE snippets, my understanding is that the snippets are effectively imported into the App, so no keyboard logging info is sent outside the App to get the expansion.
Just my understanding- donât quote me on it!
Iâm not trying to trivialize your concern but the way I look at it is this.
Both David and Katie are lawyers responsible for data privacy to their clients and they trust it and I trust David and Katie so I trust TextExpander. David has at least and possibly Katie but Iâm not certain have met the folks who make TextExpander and they say theyâre fine people who care about the customers and again I trust David and Katie so I trust Smile Software\TextExpander.
Brett Terpstra trusts TextExpander and heâs geekier than most of us put together and David and Katie trust him etc etc. Trust by association is the point Iâm getting at. Enough people that I trust or are trusted by people I trust trust TextExpander so I take that as a good enough recommendation.
1 Like
I only use text expander for â public informationâ such as phone numbers, scripts, email templates, addresses, etc. I can say however it has crossed my mind to divide long passwords into snippets, but feel this would not be safe. It only takes a moment to open 1Password. I use 1Password to generate my passwords. I would never use a snippet for private personal information.
Donât just feel it. Know it. No one should EVER do this.
Whilst I do trust that Smile have done their best to secure the system end to end, perfect security is a myth. Particularly where humans are involved. Eliminate the risk entirely, however small, by NEVER doing this.
By the way. Did I mention this is a bad thing to do? 
2 Likes