Through the years, there are features that have debuted for other platforms that many iOS users have clamored for. Third-party keyboards are some of those, and Apple officially announced support for the feature in 2014 alongside the unveiling of iOS 8. Now that the apps are available, though, there’s some concerns about privacy and access being raised.
A pair of profiles that cover third-party keyboards, both MacRumors and a report published by a security researcher named Mark (who works for Trend Micro), outline the various access rules, the features tied to the rules provided to those keyboards, and how it all relates to the end user. These concerns, and the profiles covering them, are in part due to the fact that a new warning is displayed for anyone trying out a new, third-party keyboard:
As you can see from the image above, there’s a lot to be allowed for a keyboard. As noted by MacRumors, some keyboards differentiate their rules by breaking apart their feature sets. Meaning, some keyboards will work as a “standard install,” while others, like SwiftKey pictured above, wants “full access.” As one can imagine, just the text alone within the warning seems broad and all encompassing, specifically for all the wrong reasons. Lines like, “…allows the developer of this keyboard to transmit anything you type…” is enough to get many people questioning the reasons why this would need to happen.
Especially as you consider the fact that many people type in their credit card information, home address, and other important pieces of information on their smartphones.
The first profile within the report published by MacRumors. They got in touch with SwiftKey’s communications chief Jennifer Kutz to talk about full access, and just what, exactly, it means for the end user and data collection. The keyboard offers a cloud option, which is essential for some key, albeit extra, features. If you want to access SwiftKey Flow (the way to trace your finger from one letter to the next to create a word), or even word prediction, you’ll need to grant full access to the keyboard. However, Kutz states that the reach of SwiftKey is inherently limited, as it completely ignores phone numbers, bank numbers, or even any long numbers by default:
“None of your language insights leave your device unless you opt in to our SwiftKey Cloud service.“
Some concerns have also been raised about potential monetization of the content that SwiftKey can pull from their cloud services, but Kutz cautions that this is not the case by outlining their other means of gaining revenue, including marketing partnerships, custom keyboard themes, and funding from investors.
In the report published by Mark, it’s a bit more straightforward. Simply put, not allowing full access to your device means that you’re explicitly limiting the third-party keyboard to be just that: a keyboard. Providing it that access, though, means that you’ve given the keyboard the capabilities of a full-fledged application. Mark says, in simple terms, that if you want to be safe, simply do not provide full access to any third-party keyboard.
Mark outlines that the warning, which is a very lengthy version of the warning mentioned earlier, is so broad and sweeping that, “…it begs the question as to why this functionality exists in the first place.”
With any new feature that gets introduced to a platform, there are always questions and concerns, one way or another. Of course, with privacy and data the key point regarding third-party keyboards and the access requested by them, it is no surprise that something like this would get covered from every angle. Considering third-party keyboards shot up the App Store rankings and in sales after they were launched into the App Store, and with so many to choose from (with a list that will be forever growing), this feature will continue to be supported in a big way.
You can check out the full reports through the source links below. Have you downloaded a third-party keyboard yet?