End-to-End Encryption (E2EE) aims to make all messages impossible to read by anyone except you and your intended recipient(s). Many well-known and widely used Instant-Messaging (IM) applications (such as Signal, WhatsApp, and Apple's iMessage) claim to provide E2EE. However, a recent technique called client-side scanning (CSS) makes these E2EE claims grandiose and hollow promises. The CSS is a technology that scans all sending and receiving messages from one end to the other. Some in industry and government now advocate this CSS technology to combat the growth of malicious child pornography, terrorism, and other illicit communication. Even though combating the spread of illegal and morally objectionable content is a laudable effort, it may open further backdoors that impact the user's privacy and security. Therefore, it is not E2EE when there are censorship mechanisms and backdoors in end-to-end encrypted applications. In this paper, we introduce an encrypted keyboard that functions as a system keyboard, enabling users to employ it across all applications on their phones when entering data. By utilizing this encrypted keyboard, users can locally encrypt and decrypt messages, effectively bypassing the CSS system. We first design and implement our encrypted keyboard as a custom keyboard application, and then we evaluate the effectiveness and security of our encrypted keyboard. Our study results show that our encrypted keyboard can successfully encrypt and decrypt all sending and receiving messages through IM applications, and therefore, it can successfully defeat the CSS technology in end-to-end encrypted systems. We also show that our encrypted keyboard can be used to add another layer of E2EE functionality on top of the existing E2EE functionality implemented by many end-to-end encrypted applications.

翻译：端到端加密旨在使除用户及其预期接收者之外的任何人都无法读取所有消息。许多知名且广泛使用的即时通讯应用（如Signal、WhatsApp和苹果iMessage）声称提供端到端加密。然而，一种称为客户端扫描的新技术使这些端到端加密的声称成为夸大而空洞的承诺。该技术会扫描从一端到另一端的所有发送和接收消息。目前，部分行业及政府机构倡导采用客户端扫描技术，以打击日益增长的儿童色情、恐怖主义及其他非法通信内容。尽管打击非法及违背道德内容的传播是值得赞赏的努力，但这可能打开更多影响用户隐私和安全的后门。因此，当端到端加密应用中存在审查机制和后门时，它就不再是真正的端到端加密。本文引入了一种加密键盘，它可作为系统键盘运行，使用户在手机上所有应用输入数据时均可使用。通过该加密键盘，用户可在本地加密和解密消息，从而有效绕过客户端扫描系统。我们首先将加密键盘设计并实现为自定义键盘应用，随后评估其有效性和安全性。研究结果表明，我们的加密键盘能成功加密和解密通过即时通讯应用发送和接收的所有消息，因而可成功对抗端到端加密系统中的客户端扫描技术。同时，我们展示了该加密键盘可在许多端到端加密应用已有的加密功能之上，叠加另一层端到端加密功能。