Apple Developers Found Third-Party Keyboard Vulnerability in iOS

by Brendan Smith
September 28, 2019
Third-Party Keyboard Vulnerability in iOS
Written by Brendan Smith

With the release of iOS 13.1, Apple discovered a vulnerability affecting third-party keyboards in iOS 13 and iPadOS.

Third-party keyboards for iOS are applications that are designed to work completely autonomously, without access to any external services, or with “full access” to additional functions (for example, spell checking), which requires access to the network. In theory, this allows keyboard developers to store keystroke data or everything the user types on their servers, including messages, passwords, and so on.

As it turned out, due to a bug, such third-party keyboards could be granted full access, even if the user did not directly approve of this. The problem was discovered by Apple developers themselves.

“Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple discovered a bug in iOS 13 and iPadOS. This can result in keyboard extensions being granted full access even if you haven’t approved this access”, — report Apple specialists.

So far, developers have not revealed almost any details of the vulnerability. It is not even known which versions of iOS are subject to a bug. It is only reported that users of third-party keyboards on iPhone, iPad or iPod touch are at risk.

“This issue does not impact Apple’s built-in keyboards. It also doesn’t impact third-party keyboards that don’t make use of full access. The issue will be fixed soon in an upcoming software update”, — ensures Apple.

The developers promise to fix the bug as quickly as possible. You can check which keyboards are installed on the device in the settings: General->Keyboard->Keyboards.

How to avoid problems?

If you’ve purposely avoided granting full access, you might want to temporarily delete third-party keyboards. And it should go without saying, but don’t install alternate keyboards that you don’t trust.

Read also: Selfie apps installed over 1.5 million times traced users and showed ads

Crucially, Apple prevents third-party developers from recording your passwords by always switching to the default iOS keyboard in password fields even when you’re using something like Gboard for everything else.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

View all posts

Leave a Reply

Sending