Skip to main content

iPhone Security Alert: Apple Warns of iOS Keyboard Threat

(Image credit: Tom's Guide)

Apple pushed out iOS 13.1 and iPadOS 13.1 only yesterday (Sept. 24), but the company is already warning of a bug in both platforms that might let third-party keyboard apps get full access to other apps or to the internet without your permission.

"Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request 'full access' to provide additional features through network access," Apple said in an advisory it posted online yesterday. 

"Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access."

In other words, an installed third-party keyboard app could capture all your keystrokes, including passwords and credit-card numbers, even if you haven't allowed it to do so. (Of course, if you've already granted the app full access, then that's your problem.) 

The bug will be fixed by "an upcoming software update," Apple said.

MORE: How to Turn On Dark Mode in iOS 13

This doesn't affect the keyboards built into iOS and iPadOS, or "third-party keyboards that don't make use of full access," Apple says. But it does seem to affect all versions of iOS 13, and possibly iOS 12 and earlier as well, as long as devices have third-party apps installed.

There are many third-party keyboard apps available for iOS, ranging from the well-known SwiftKey and GBoard keyboards to keyboards that let you type in Greek or Arabic or in different colors.

Some of these apps only let you do things within themselves, as it were; others let you swap them in for the built-in keyboard to type in other apps, but only if you let them do so. It's the latter kind that concerns Apple, which implies that apps that never request full access are not affected by this bug.

Apple suggests that iOS and iPadOS users check to see what kind of third-party keyboard apps might be affected by opening the Settings app and going to General --> Keyboard --> Keyboards. 

The company doesn't say what to do after that, which is kind of a letdown. But unless you are comfortable with giving third-party apps full access to other apps and to the internet, then it might be best to delete all third-party keyboard apps for iOS and iPadOS until this is resolved. 

Paul Wagenseil
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.