Wednesday, July 13, 2016

Disabling third party keyboards application wide

Apple support forum on Third-Party keyboards is having all the information needed to,

  1. Install and add a new keyboard
  2. Turn on a new keyboard
  3. Switch to a third-party keyboard
  4. Remove, rearrange, or delete third-party keyboards

In the above post, It is clearly mentioned that,

  Some third-party keyboards require full access to your iOS device to work. 
  This could potentially provide personal information to the third-party 
  developer when you use the keyboard. iOS doesn't let third-party keyboards 
  access your personal information unless you allow it for each keyboard that 
  you add.

  You might not be able to use a third-party keyboard in these situations: 
  • If the developer of the app you’re using doesn’t allow third-party keyboards.
  • If you’re typing in a secure text field (like a password entry field that shows typed characters as dots instead of letters and numbers).
  • If you’re using a number pad instead of a standard keyboard.

This will definitely cause security vulnerabilities If we use these keyboards on sensitive fields.

There are 3 ways to avoid this security vulnerability. Better If we implement all the below 3 ways instead of going for one as It is better to avoid instead of Repair.

#1 Use secureTextEntry for sensitive fields

As we can on/off the full access to those third-party keyboards as mentioned in the support forum, remove full access to them.

#2 Use secureTextEntry for sensitive fields

As Third-party keyboards won't appear on secure text entry fields, Enable secureTextEntry on sensitive fields.

   passwordTextField.secureTextEntry = YES;

#3 Don't allow third-party keyboards in your app

Programmatically also we can disable third-party keyboards getting used in our app by implementing shouldAllowExtensionPointIdentifier delegate method in our AppDelegate.

-(BOOL)application:(UIApplication *)application 
             shouldAllowExtensionPointIdentifier:(NSString *)extensionPointIdentifier
          if (extensionPointIdentifier == 
              return NO;
         return YES;

In the above code, I am checking the keyboard extension UIApplicationKeyboardExtensionPointIdentifier and not allowing it application wide.

Hope this post is useful. Feel free to comment in case of any queries.