Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Apple Warns About Third-Party Keyboard Issue in iOS 13 and iPadOS, Fix Coming Soon

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,583
13,213



Apple today released a support document warning users about a security issue affecting third-party keyboards in iOS 13 and iPadOS.

Third-party keyboards can be set to run standalone without access to external services or can request "full access" to provide additional features. A bug in iOS 13 and iPadOS can cause keyboard extensions to be granted full access even if full access hasn't been approved.


According to Apple, the bug does not affect Apple's built-in keyboards, nor does it impact keyboards that don't make use of full access.
Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request "full access" to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access.
Apple says that the bug will be fixed in an upcoming software update. Third-party keyboards that you might have installed can be viewed by opening up the Settings app, and then going to General > Keyboard > Keyboards.

iOS users concerned about their data and the access granted to third-party keyboards can mitigate the issue by temporarily uninstalling third-party keyboards.

Article Link: Apple Warns About Third-Party Keyboard Issue in iOS 13 and iPadOS, Fix Coming Soon
 

BootsWalking

macrumors 65816
Feb 1, 2014
1,363
8,022
It's bad enough third-party keyboards get to see everything you type but giving those apps access to network services (intentionally or not) lets them share that data with others. Very smart of Apple to compartmentalize the two and require users to grant network access - unfortunate about the bug which breaks the logic but they found it quick enough. If anything it'll raise awareness of the security issue when you do explicitly grant network access to these keyboard apps.
 
Comment

thejadedmonkey

macrumors G3
May 28, 2005
8,471
1,599
Pennsylvania
This has got to be the most bug riddles release I've seen in a while. This version was definitely rushed, and the 13.1 release was equally as rushed for whatever reason. I've seen the Trump Tariffs given as a reason, but either way I'm sure Apple programmers will be happier when 13.1.x or 13.2 is out.
 
  • Like
Reactions: leventozler
Comment

JohnApples

macrumors 68000
Mar 7, 2014
1,532
2,409
This has got to be the most bug riddles release I've seen in a while. This version was definitely rushed, and the 13.1 release was equally as rushed for whatever reason. I've seen the Trump Tariffs given as a reason, but either way I'm sure Apple programmers will be happier when 13.1.x or 13.2 is out.
This is fairly buggy. But it’s nothing compared to iOS 11 *shudders*
 
Comment

aesc80

macrumors 6502a
Mar 24, 2015
808
1,611
Protecting you by spamming about bluetooth access.
Let's a keyboard bug cross, even when permission isn't granted.

"By innovation only"

NOTE: I'm mainly more salty about how bad iOS/iPadOS 13 has been in comparison.
 
  • Like
Reactions: Appleman3546
Comment

urnotl33t

macrumors regular
Jan 26, 2017
199
278
Cary, NC, USA
Remember, they had to make the 13.0/13.1 cut-and-ship decision back on Aug 1 to get around the pending tariffs on China stuff. It was a gamble for a situation that never came, but it was uncertain at the time.


Well, it's a theory, but we'll never know now; the tariff didn't happen (at that time), so it was a bet against a future that never existed but a very real threat *at the time*. Billions of cash on the line... what would you do? [yes yes, i know, us lowly humans can't fathom those large numbers, but someone must, and that someone is Luca Maestri]
 
  • Like
Reactions: Sikh and SDJim
Comment

calstanford

macrumors 6502a
Nov 25, 2014
763
2,569
Hong Kong
Apple needs to be split up. They can’t get anything done remotely on time. Half of new iPhone’s features missing. iOS delayed (as is MacOS for years). Then .1 release. Oh sorry we forgot to add security patch. And and and

Too big to manage.

When small and nimble Apple was world class. now it’s just another IBM
 
Comment

MacRumorUser78

macrumors member
Jan 9, 2014
55
18
Just checked my PadKeys and it has an option for Full Access but I hadn't granted it. PadKeys works fine (it's my usual keyboard) but maybe I've been giving up some "features."
 
Comment

MagMan1979

macrumors regular
May 4, 2015
103
744
I always thought add-on keyboards were a bad idea on Android ripe for abuse (proven right over the years), and I have believed this to be an equally bad idea on iOS since the day it was introduced, and once again proven right.

The built-in iOS keyboard is second-to-none for accuracy and ease of use, why some one would want to infect their iOS device with a potentially keystroke-harvesting POS is beyond me.
[automerge]1569355303[/automerge]
Apple needs to be split up. They can’t get anything done remotely on time. Half of new iPhone’s features missing. iOS delayed (as is MacOS for years). Then .1 release. Oh sorry we forgot to add security patch. And and and

Too big to manage.

When small and nimble Apple was world class. now it’s just another IBM
Thank god people like you don’t run Apple.
 
Comment

iGeneo

macrumors 6502a
Jul 3, 2010
768
1,380
People still have third party keyboards? I forgot that was even a thing years ago.
Indeed... stuff happens

My bet is that many here don’t use 3rd party keyboards anyhow. Or they are the people that complain about Apple adding emojis and now they are bothered that their Bitmoji keyboard may be insecure
 
  • Like
Reactions: Sikh
Comment

69Mustang

macrumors 604
Jan 7, 2014
7,672
14,516
In between a rock and a hard place
I always thought add-on keyboards were a bad idea on Android ripe for abuse (proven right over the years), and I have believed this to be an equally bad idea on iOS since the day it was introduced, and once again proven right.
Aren't you painting with a pretty broad brush? There are tons of people on Android and iOS who use 3rd party keyboards without an issue at all. They aren't a bad idea. You may not like them, but that doesn't make them a bad idea.
 
Comment

SoN1NjA

macrumors 68020
Feb 3, 2016
2,020
2,120
the pool
So the only way people get warned is an obscure support document? I guess bad actors getting “full access” to a keyboard (passwords, emails, private texts) isn’t worthy of a pop-up

**** off with the privacy ********, Apple
 
Comment

deuxani

macrumors 6502a
Sep 2, 2010
635
622
People still have third party keyboards? I forgot that was even a thing years ago.
I always thought add-on keyboards were a bad idea on Android ripe for abuse (proven right over the years), and I have believed this to be an equally bad idea on iOS since the day it was introduced, and once again proven right.

The built-in iOS keyboard is second-to-none for accuracy and ease of use, why some one would want to infect their iOS device with a potentially keystroke-harvesting POS is beyond me.

Till iOS 13 I was still using SwiftKey and loved it. You guys might be native English speakers, but for many languages in the rest of the world the default Apple keyboard was/is almost useless. Till iOS 13 my language didn’t even have word prediction, let alone being able to talk in two languages without changing the keyboard (which is very common in my country). SwiftKey had all of that for years, so obviously many people use third party keyboards if Apple is too lazy or just doesn’t prioritise a simple keyboard update for other than the big languages.

But only now I can finally switch. Even though many other people probably still can’t or won’t.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.