In this article, I’m going to present a way to perform Keystroke Injection attacks from a plain Android device. A keyboard is the main way of communicating between the user and the computer. Because of this special connection, computers always trust keyboards. Keystroke Injection takes advantage of this inherent trust. In short, whenever you connect a device claiming to be a keyboard, a computer will automatically recognize it and accept, without a doubt. How can a device claim to be a keyboard? Simple, using a universal specification called HID (Human Interface Device). It just has to enumerate itself as a Keyboard HID, and that’s it.