Wednesday, July 13, 2016

Disabling third party keyboards application wide

Apple support forum on Third-Party keyboards is having all the information needed to,

  1. Install and add a new keyboard
  2. Turn on a new keyboard
  3. Switch to a third-party keyboard
  4. Remove, rearrange, or delete third-party keyboards

In the above post, It is clearly mentioned that,

  Some third-party keyboards require full access to your iOS device to work. 
  This could potentially provide personal information to the third-party 
  developer when you use the keyboard. iOS doesn't let third-party keyboards 
  access your personal information unless you allow it for each keyboard that 
  you add.

  You might not be able to use a third-party keyboard in these situations: 
  • If the developer of the app you’re using doesn’t allow third-party keyboards.
  • If you’re typing in a secure text field (like a password entry field that shows typed characters as dots instead of letters and numbers).
  • If you’re using a number pad instead of a standard keyboard.

This will definitely cause security vulnerabilities If we use these keyboards on sensitive fields.

There are 3 ways to avoid this security vulnerability. Better If we implement all the below 3 ways instead of going for one as It is better to avoid instead of Repair.

#1 Use secureTextEntry for sensitive fields

As we can on/off the full access to those third-party keyboards as mentioned in the support forum, remove full access to them.

#2 Use secureTextEntry for sensitive fields

As Third-party keyboards won't appear on secure text entry fields, Enable secureTextEntry on sensitive fields.

   passwordTextField.secureTextEntry = YES;

#3 Don't allow third-party keyboards in your app

Programmatically also we can disable third-party keyboards getting used in our app by implementing shouldAllowExtensionPointIdentifier delegate method in our AppDelegate.

-(BOOL)application:(UIApplication *)application 
             shouldAllowExtensionPointIdentifier:(NSString *)extensionPointIdentifier
          if (extensionPointIdentifier == 
              return NO;
         return YES;

In the above code, I am checking the keyboard extension UIApplicationKeyboardExtensionPointIdentifier and not allowing it application wide.

Hope this post is useful. Feel free to comment in case of any queries.

1 comment:

  1. These provided information was really so nice,thanks for giving that post and the more skills to develop after refer that post. Your articles really impressed for me,because of all information so nice.
    Mobile App Development Company In Chennai
    Android App Development Company In Chennai
    Android Application Development Company In Chennai
    Mobile App Development Company In India