In a recent update to the HSBC app they’ve added a screen to prevent you from using the app unless you use the default (google) keyboard.
They do a similar thing if you have an accessibility service running that can access the screens content. A fair enough security warning if you’ve happened to install a dodgy keyboard app, but highly frustrating when using an open source alternative that enhances the security and privacy over the default option (HeliBoard in my case).
I haven’t found a way to circumvent the page yet. It would be useful if Android allowed you to block the permission to query all packages, but alas.
Of course there will always be some risk. But HeliBoard and some other keyboard apps are open source and can be audited. I’d trust (I know, you should do your own homework) the more popular ones have a lot of eyes in them.
As someone who doesn’t have the time, skill, or knowledge to audit open source projects, I agree on the trusting more popular open source keyboards (and by extension popular open source projects in general).