Just as Apple made available iOS 13.1 and iPadOS after a rather messy rollout, the iPhone maker is warning users of a security issue impacting third-party keyboard apps.
The bug — unresolved in its latest updates released yesterday — could potentially allow keyboard makers to gather keystroke data without your knowledge and relay it back to their servers.
Third-party keyboards like GBoard, SwiftKey, and Grammarly can be run either as a standalone app or can request “full access” to communicate with other apps and provide additional features.
But according to a support document released by the company yesterday, a bug in the software might cause these apps to gain “full access” even if it wasn’t approved in the first place.
Noting that the bug doesn’t affect Apple’s built-in keyboard or other keyboard apps that don’t make use of full access, the company said it plans to address the issue in an upcoming software update.
It’s worth highlighting here that “full access” also allows the keyboard developer to capture all keystroke data and everything you type, prompting Apple to issue an advisory of this sort.
For instance, when you grant Gboard full access, it allows you to perform Google searches right from the keyboard. In doing so, your searches will be sent to Google, but no other data will be shared. In the case of an app like this from a known developer, there isn’t much cause for concern.
But if it’s an app from a lesser known developer and you’re not comfortable sharing such keystroke data, you’ll want to check if full access has been enabled without your knowledge — courtesy of this bug. You can check and change the setting by heading to Settings > General > Keyboard > Keyboards.
Alternatively, you can also temporarily uninstall all third-party keyboards from your device until Apple releases a fix.
Get the TNW newsletter
Get the most important tech news in your inbox each week.