iOS 13 Bug Lets 3rd-Party Keyboards Gain ‘Full Access’ — Even When You Deny
Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps.
On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant “full access” permissions to enable some additional features through network access.
However, in the brief security advisory, Apple says that an unpatched issue in iOS 13 and iPadOS could allow third-party keyboard apps to grant themselves “full access” permission to access what you are typing—even if you deny this permission request in the first place.
It should be noted that the iOS 13 bug doesn’t affect Apple’s built-in keyboards or third-party keyboards that don’t make use of full access.
Though having full access allows app developers to capture all keystroke data and everything you type, it’s worth noting that likely no reputable third-party keyboard apps would by default abuse this issue.
Apple assured its users that the company is already working on a fix to address this issue, which it plans to release in its upcoming software update.
Until Apple comes up with a fix, you can mitigate this issue by temporarily uninstalling all third-party keyboards from your device just to be on the safer side.