MITM attack or inconsistent font between Riot Desktop and Riot Android?

[Mikaela]

I changed my password and added two devices, Riot desktop from Flatpak and Riot Android. Then I proceeded to verify the devices and I see these:

Note particularly the three last characters. Are they 1WM or IWM (or even lWM)? I cannot say, so was my new password leaked immediately, is Matrix.org homeserver attacking me or is there just a bad inconsistent font between the two clients?

• riot-web version: 1.0.7 via Flathub on Debian Testing
• Riot Android 0.8.29 via Play Store

[jryans]

It looks like a font / display issue to me. Riot Android should probably use a monospaced font (like Riot Web) so it's easier to compare characters in the device key.