zerothcode blog

Hackers News

iOS 13 Bug Lets 3rd-Party Keyboards Gain ‘Full Access’ — Even When You Deny

Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps.

On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant “full access” permissions to enable some additional features through network access.

However, in the brief security advisory, Apple says that an unpatched issue in iOS 13 and iPadOS could allow third-party keyboard apps to grant themselves “full access” permission to access what you are typing—even if you deny this permission request in the first place.

It should be noted that the iOS 13 bug doesn’t affect Apple’s built-in keyboards or third-party keyboards that don’t make use of full access.

Instead, the bug only impacts users who have third-party keyboard apps—such as popular Gboard, Grammarly, and Swiftkey—installed on their iPhones or iPads, which are designed to request full access from users.

Though having full access allows app developers to capture all keystroke data and everything you type, it’s worth noting that likely no reputable third-party keyboard apps would by default abuse this issue.

Even if that doesn’t satisfy you, and you want to check if any of the installed third-party keyboards on your iPhone or iPad has enabled full access without your knowledge by exploiting this bug, you can open the Settings → General → Keyboard → Keyboards.

Apple assured its users that the company is already working on a fix to address this issue, which it plans to release in its upcoming software update.

Until Apple comes up with a fix, you can mitigate this issue by temporarily uninstalling all third-party keyboards from your device just to be on the safer side.