Android keyboards can be quite sophisticated, including learning of commonly used words or languages. Some of these result in uploading what you enter to a service you may not know about. The Signal app on Android includes a setting to say that its keyboard input should not be uploaded.
Malicious keyboard apps can ignore this, but if a malicious keyboard has made its way onto your device I think you have bigger problems.
I learned of this from Liz Fong-Jones' Bluesky feed.