News Security

Apple Developers Found Third-Party Keyboard Vulnerability in iOS

Third-Party Keyboard Vulnerability in iOS
Written by Brendan Smith

With the release of iOS 13.1, Apple discovered a vulnerability affecting third-party keyboards in iOS 13 and iPadOS.

Third-party keyboards for iOS are applications that are designed to work completely autonomously, without access to any external services, or with “full access” to additional functions (for example, spell checking), which requires access to the network. In theory, this allows keyboard developers to store keystroke data or everything the user types on their servers, including messages, passwords, and so on.

As it turned out, due to a bug, such third-party keyboards could be granted full access, even if the user did not directly approve of this. The problem was discovered by Apple developers themselves.

“Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple discovered a bug in iOS 13 and iPadOS. This can result in keyboard extensions being granted full access even if you haven’t approved this access”, — report Apple specialists.

So far, developers have not revealed almost any details of the vulnerability. It is not even known which versions of iOS are subject to a bug. It is only reported that users of third-party keyboards on iPhone, iPad or iPod touch are at risk.

“This issue does not impact Apple’s built-in keyboards. It also doesn’t impact third-party keyboards that don’t make use of full access. The issue will be fixed soon in an upcoming software update”, — ensures Apple.

The developers promise to fix the bug as quickly as possible. You can check which keyboards are installed on the device in the settings: General->Keyboard->Keyboards.

How to avoid problems?

If you’ve purposely avoided granting full access, you might want to temporarily delete third-party keyboards. And it should go without saying, but don’t install alternate keyboards that you don’t trust.

Read also: Selfie apps installed over 1.5 million times traced users and showed ads

Crucially, Apple prevents third-party developers from recording your passwords by always switching to the default iOS keyboard in password fields even when you’re using something like Gboard for everything else.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.