iOS 8’s New Key Logger
I was pretty excited to see the new options for keyboard extensions in iOS 8. My excitement rapidly evaporated when I saw this notification while enabling a new keyboard.
So, I dug into the developer documentation for keyboard extensions to see what could possibly go wrong. I don’t like it.
This is what I found (quoted from the documentation):
- All capabilities of a nonnetworked custom keyboard
- Keyboard can access Location Services and Address Book, with user permission
- Keyboard and containing app can employ a shared container
- Keyboard can send keystrokes and other input events for server-side processing
- Containing app can provide editing interface for keyboard’s custom autocorrect lexicon
- Via containing app, keyboard can employ iCloud to ensure settings and autocorrect lexicon are up to date on all devices
- Via containing app, keyboard can participate in Game Center and In-App Purchase
- If keyboard supports mobile device management (MDM), it can work with managed apps
My interpretation of the documentation is that a keyboard extension can enable network access if it is for the purpose of improving the application. What improvements warrant this, is up to the app developer.
I love that Apple is asserting strong language in the documentation:
Each keyboard capability associated with network access carries responsibilities on your part as a developer, as indicated in Table 11-2. In general, treat user data with the greatest possible respect and do not use it for any purpose that is not obvious to the user.
But the only gate keeper is the app approval process. While that has kept iOS comfortably safe for me, the additional benefit of a new keyboard does not warrant this added risk. Some have pointed out that password fields are excluded from using an alternative keyboard. This tells me that even Apple is a bit concerned about the consequences of logging key strokes. I’m not sure about everyone else, but I generally use a password to protect all of the other things I write with my keyboard. If every other keystroke is logged and transmitted to a server, my password becomes far less relevant.
Of course, we can secure the data even while it’s transmitted and stored somewhere else. Let’s use Swiftkey as an example here. They’re up front about what they do with data right now.
That “Allow Full Access” warning still haunts me though.1
Everyone is different, but I don’t feel comfortable using a key logger from a VC backed company.2 Privacy policies have a tendency to change when money starts to dry up or the company is acquired.
It should be noted that not all keyboard extensions enable network access. For example, the TextExpander keyboard did not require full access, so I presume it does not do anything more than read the snippets from the application on the device. (CORRECTION: The TE keyboard does require full access. I must have already approved it. Thanks to Michael in the comments) ↩︎
I actually don’t feel warm and fuzzy about any key logger. I’m just more suspicious of companies that lack a business plan I can understand. I’m weird that way. ↩︎