Wednesday, July 13, 2016

Disabling third party keyboards application wide

Apple support forum on Third-Party keyboards is having all the information needed to,

  1. Install and add a new keyboard
  2. Turn on a new keyboard
  3. Switch to a third-party keyboard
  4. Remove, rearrange, or delete third-party keyboards


In the above post, It is clearly mentioned that,


     
  Some third-party keyboards require full access to your iOS device to work. 
  This could potentially provide personal information to the third-party 
  developer when you use the keyboard. iOS doesn't let third-party keyboards 
  access your personal information unless you allow it for each keyboard that 
  you add.


  You might not be able to use a third-party keyboard in these situations: 
  • If the developer of the app you’re using doesn’t allow third-party keyboards.
  • If you’re typing in a secure text field (like a password entry field that shows typed characters as dots instead of letters and numbers).
  • If you’re using a number pad instead of a standard keyboard.


This will definitely cause security vulnerabilities If we use these keyboards on sensitive fields.

There are 3 ways to avoid this security vulnerability. Better If we implement all the below 3 ways instead of going for one as It is better to avoid instead of Repair.




#1 Use secureTextEntry for sensitive fields

As we can on/off the full access to those third-party keyboards as mentioned in the support forum, remove full access to them.


#2 Use secureTextEntry for sensitive fields

As Third-party keyboards won't appear on secure text entry fields, Enable secureTextEntry on sensitive fields.



   passwordTextField.secureTextEntry = YES;


     
#3 Don't allow third-party keyboards in your app

Programmatically also we can disable third-party keyboards getting used in our app by implementing shouldAllowExtensionPointIdentifier delegate method in our AppDelegate.



   
-(BOOL)application:(UIApplication *)application 
             shouldAllowExtensionPointIdentifier:(NSString *)extensionPointIdentifier
     {
    
          if (extensionPointIdentifier == 
                                                      UIApplicationKeyboardExtensionPointIdentifier)
          {
              return NO;
          }
    
         return YES;
    }



   
In the above code, I am checking the keyboard extension UIApplicationKeyboardExtensionPointIdentifier and not allowing it application wide.


Hope this post is useful. Feel free to comment in case of any queries.