Android keyboards can be quite sophisticated, including learning of commonly used words or languages. Some of these result in uploading what you enter to a service you may not know about. The Signal app on Android includes a setting to say that its keyboard input should not be uploaded.
Malicious keyboard apps can ignore this, but if a malicious keyboard has made its way onto your device I think you have bigger problems.
The tradeoff: if you use speech-to-text on the Android keyboard, it will no longer work. The microphone will be greyed out and will bring up a small message saying "This app doesn't support voice input." The stock Android keyboard apparently has no on-device voice processing.
I learned of this from Liz Fong-Jones' Bluesky feed.