Apple support forum on Third-Party keyboards is having all the information needed to,
- Install and add a new keyboard
- Turn on a new keyboard
- Switch to a third-party keyboard
- Remove, rearrange, or delete third-party keyboards
In the above post, It is clearly mentioned that,
You might not be able to use a third-party keyboard in these situations:
This will definitely cause security vulnerabilities If we use these keyboards on sensitive fields.
Some third-party keyboards require full access to your iOS device to work.
This could potentially provide personal information to the third-party
developer when you use the keyboard. iOS doesn't let third-party keyboards
access your personal information unless you allow it for each keyboard that
you add.
This could potentially provide personal information to the third-party
developer when you use the keyboard. iOS doesn't let third-party keyboards
access your personal information unless you allow it for each keyboard that
you add.
You might not be able to use a third-party keyboard in these situations:
- If the developer of the app you’re using doesn’t allow third-party keyboards.
- If you’re typing in a secure text field (like a password entry field that shows typed characters as dots instead of letters and numbers).
- If you’re using a number pad instead of a standard keyboard.
This will definitely cause security vulnerabilities If we use these keyboards on sensitive fields.
There are 3 ways to avoid this security vulnerability. Better If we implement all the below 3 ways instead of going for one as It is better to avoid instead of Repair.
#1 Use secureTextEntry for sensitive fields
As we can on/off the full access to those third-party keyboards as mentioned in the support forum, remove full access to them.
#2 Use secureTextEntry for sensitive fields
As Third-party keyboards won't appear on secure text entry fields, Enable secureTextEntry on sensitive fields.
passwordTextField.secureTextEntry = YES;
#3 Don't allow third-party keyboards in your app
Programmatically also we can disable third-party keyboards getting used in our app by implementing shouldAllowExtensionPointIdentifier delegate method in our AppDelegate.
-(BOOL)application:(UIApplication *)application
shouldAllowExtensionPointIdentifier:(NSString *)extensionPointIdentifier
{
if (extensionPointIdentifier ==
UIApplicationKeyboardExtensionPointIdentifier)
UIApplicationKeyboardExtensionPointIdentifier)
{
return NO;
}
return YES;
}
In the above code, I am checking the keyboard extension UIApplicationKeyboardExtensionPointIdentifier and not allowing it application wide.
Hope this post is useful. Feel free to comment in case of any queries.
No comments:
Post a Comment