Apple Discovers Security Bug In Third Party iOS Keyboards After iOS 13.1 Release
|Photo via Apple|
Apple is releasing an update as soon as possible to fix an iOS security bug pertaining to third-party keyboards. Third-party iOS keyboards are supposed to be run standalone on its entirety without external service permissions, but full access can be granted even if the user hasn’t approved the access.
Apple states in their support document, which is titled “About an issue that impacts third-party keyboard apps in iOS 13 and iPadOS”. They noted that “Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.” Apple will be releasing another update in regards to the security issue in iOS and iPadOS 13. On the other hand, users can make sure if their keyboards are affected by this security issue. This can be done by going to Settings, General, Keyboard then to Keyboards. Every individual third party keyboard should have Allow Full Access off if the user did not allow it.
Some keyboards may not be affected by this security flaw, as certain third party keyboards do not utilise full access in most of their features. Continuing on the support document, the Cupertino company stated that, “This issue does not impact Apple’s built-in keyboards. It also doesn’t impact third-party keyboards that don’t make use of full access. The issue will be fixed soon in an upcoming software update.” Software keyboards created by Apple all fall into their privacy standards at high priority, which never collects any information from the iOS keyboard to Apple’s servers. Even though developers have control over the data collected by users using the keyboards, they can require users to allow full access if the features can use the data to benefit and improve the keyboard functionality in the future. But if a user doesn’t request full access in regards to the fear that they would not have the app developer collect information from the keyboard, it is not a safe way for iOS to allow full access to the keyboard.