iOS 8 Keyboards, 'Full Access', and User Privacy

[Lictor]

Anyway, if you really care about your privacy, you have a Nokia 3310 or something similar, not a smartphone...

 

[irnchriz]

And I'm convinced that Apple deliberately worded the warning to scare most people into sticking with the default keyboard.

No, they did it to ensure that when one of these keyboard providers gets caught selling your data that they are not liable. They make it clear that it is YOUR choice to let the developer access your data.

 

[Dionte]

Wow, just wow.

Why does that scare you but not just using the internet?

Because it specifically says the developer of this keyboard can transmit anything you type. I've never seen that pop up before and then say "Allow"?

 

[DarthTater]

These comments make me laugh. Security? Ever give your credit card to a server in a restaurant? Ever read it over the phone?

 

[JamesPDX]

Trust but Verify

So yes, assume that everything you've typed into your device is sitting on at least one cloud. Think of it like an in-app browser with a different UI. Speaking of "vested interest" - Who knows what that is at any given moment? It's a broad statement.

----
"Ultimately, what it comes down to is trust. Granting a keyboard full access certainly does mean that any typing data can be transmitted back the developer's servers for a variety of uses. Most high-profile firms have a vested interest in maintaining user trust and being forthcoming about how that data is used."
----

 

[TechRemarker]

I honestly don't get what all this fuss is about.

Firstly, when using the keyboard for security purposes (i.e. logging on to your phone if you have advanced passwords set), then the default keyboard appears anyway, from what I've seen with SwiftKey so far...

Secondly, it's only the press of 1 button to toggle on the standard apple keyboard, so when entering bank details, passwords etc - why don't you just toggle this keyboard on at these times?

Honesty, people are so keen on creating a fuss over ****-all these days... Why don't we all call this keyboardgate?

Yes you can turn off the keyboard when entering in personal data, however the apple warning says that the app can gain access to anything typed previously as well even when not using the custom keyboard. So while the devs currently say they are not looking at that data, they have the ability to, or a rogue employee or a hacker ect may in the future.

 

[Lictor]

The last of those threats, however, government warrants, will always be there. If you fall under suspicion of the government, anything you type "can and will" be used against you.

If the government, or even a competitor, as an interest in your, they will know everything that you type or see on your screen, without the need for a keylogger or a third-party keyboard...
15 years ago, the technology was there to do that from a simple van parked 500m from your home (I had a demonstration, it was pretty cool). The only limitation was that it didn't work so well in huge cities, so they had to park just outside your building. But I can only imagine it has gotten much better since...

So, if they really have an interest in you, you can use all the encryptions you want, you can disconnect totally from the Internet, they will still get your data. That's why terrorists use snail mail or face to face meeting...

 

[Fenez]

No information is safe, if you use a cell phone or the internet you are trackable... So funny how people worry about security while never thinking twice about posting their wholes lives down to the last boring detail on social media..

 

[0098386]

The fact that devs can record everything you type is why I refuse to use any custom keyboards.

I used Swiftkey and loved it but yeah, after reading that everything I type is sent over to them and logged no way am I enabling that again. I've deleted it off my phone now.

 

[ohbrilliance]

Apple could alleviate much of our concern by allowing three levels of access from the extension: 1. no access to the container app, 2. access to the container app but without network access, 3. access to the container app with network access.

The concerns about security aren't rational. Here, we have a company with a clean reputation stating that keystrokes aren't submitted over the Internet, and we're up in arms, yet we have companies that do have access to everything we type via web forms and email, such as Google, and we turn a blind eye to the privacy risks with them.

 

[RMo]

Wait. So does this mean the SwiftKey is using my data for predictions but Swype isn't (because they claim that, apparently by contrast, it is contained within the extension)? I'm not using any of the "cloud" services but would still be curious to know about this part.

 

[OldSchoolMacGuy]

How often do you enter your credit card or other sensitive information on those sites? And if you do, can you friend me please?

Do you know how your data is stored on those sites? Sites like Amazon, Target, Walmart and every other retailer? Do you know what the 3rd party keyboard makers are even storing and what they aren't?

1/2 of all businesses have had a data breach in the last year. Do you really believe that the businesses you've picked to give your info to are somehow in the 50% that haven't? If you really believe that, it's time to head to Vegas.

----------

Apple could alleviate much of our concern by allowing three levels of access from the extension: 1. no access to the container app, 2. access to the container app but without network access, 3. access to the container app with network access.

The concerns about security aren't rational. Here, we have a company with a clean reputation stating that keystrokes aren't submitted over the Internet, and we're up in arms, yet we have companies that do have access to everything we type via web forms and email, such as Google, and we turn a blind eye to the privacy risks with them.

Exactly. People get a little big of information twisted in a way to make headlines and they get irrational. They give Facebook and Google every single bit of data about what they do, where they are, who their friends are, how they communicate, and much more but a company that clearly makes it's use of your data known and it's time to go crazy.

 

[ChrisTX]

Yet it's quite clearly obvious that none of the major keyboard developers actually dive into your information and steal your data. Honestly, you're not that special mate.

If Swipe or SwiftKey used our data maliciously on Android (for example) they'd be bankrupted and long gone before developing on iOS.

My two cents.

You took the words right out of my mouth. This "problem" is only new to the iPhone but 3rd party keyboard apps have been a part of Android for years now. If these companies were truly malicious, then I agree they would have been found out long before now.

 

[chipchen]

You took the words right out of my mouth. This "problem" is only new to the iPhone but 3rd party keyboard apps have been a part of Android for years now. If these companies were truly malicious, then I agree they would have been found out long before now.

I don't think anyone (or most people) actually think that swift key is looking to use this info maliciously. But, any extra point of vulnerability raises more security concerns.

Take for instance, Home Depot. No one expects them to store credit card numbers for a malicious reason... But they became a victim of vulnerability themselves which exposed customer data.

Say some Russian or Chinese hackers are able to breach SwiftKey databases and crack the encryption. It wouldn't be hard to write a script to find 15 and 16 digit strings of numbers and the inputs after and around them to generate full credit card data. The argument could be made that it is more of a problem than the Home Depot breach because this could in fact include addresses, phone numbers, cc security codes, etc.

 

[haruhiko]

Swype doesn't require Full Access at all and I happily paid $0.99 to them for this. SwiftKey, goodbye.

----------

How do you think the developer of a free app makes money?

I thought SwiftKey offered some in-app purchase upgrades, and turns out it's completely free. And it doesn't sound good.

 

[haruhiko]

I don't think anyone (or most people) actually think that swift key is looking to use this info maliciously. But, any extra point of vulnerability raises more security concerns.

Take for instance, Home Depot. No one expects them to store credit card numbers for a malicious reason... But they became a victim of vulnerability themselves which exposed customer data.

Say some Russian or Chinese hackers are able to breach SwiftKey databases and crack the encryption. It wouldn't be hard to write a script to find 15 and 16 digit strings of numbers and the inputs after and around them to generate full credit card data. The argument could be made that it is more of a problem than the Home Depot breach because this could in fact include addresses, phone numbers, cc security codes, etc.

Why must a malicious hacker be a Russian or Chinese? I think if you're not mentioning these two countries but a kind of colored people, everyone will scream racist.

 

[jeremiah239]

Huh. So does a secondary keyboard still "see" what you're typing on the Apple keyboard?

obviously not.

 

[chipchen]

Why must a malicious hacker be a Russian or Chinese? I think if you're not mentioning these two countries but a kind of colored people, everyone will scream racist.

You don't read the news?

http://www.bbc.com/news/technology-29250959

http://www.washingtonpost.com/news/...hackers-may-have-stolen-your-medical-records/

http://www.dailytech.com/Russian+Ha...th+Massive+Credit+Card+Theft/article36492.htm

http://www.nytimes.com/2014/08/06/t...billion-stolen-internet-credentials.html?_r=0

Hackers come from everywhere... of late, the biggest breaches have been from Russia and China. It's just the facts.

And I'm Chinese.

 

[invenio]

Nuance's (Swype) Privacy Policy

I'd be very wary of using Swype. Nuance (maker of Swype) states in their privacy policy this, among others:

By using the Website or Nuance Products, you consent to the collection and use of your Personal Information by Nuance consistent with applicable data protection law and this Privacy Policy which is expressly incorporated into any applicable Website or Nuance Product Terms of Use or End-User License Agreement. You also represent to us that you have any and all authorizations necessary to use these Nuance Products including using them to process Personal Information. Nuance collects and uses the information you provide to us, including information obtained from your use of this Website or a Nuance Product. We may use or share Personal Information (e.g., name, address, telephone number, email address, and location) where it is necessary for us to complete a transaction or do something that you have asked us to do. Also, we may use the information that we collect for our internal purposes to develop, tune, enhance, and improve our products and services, and for advertising and marketing consistent with this Privacy Policy. By using Nuance products and services, you acknowledge, consent and agree that Nuance may collect, process, and use the information that you provide to us and that such information shall only be used by Nuance or third parties acting under the direction of Nuance, pursuant to confidentiality agreements, to develop, tune, enhance, and improve Nuance services and products.

They go on to say:

In addition to what is expressly stated in this Privacy Policy, we may also share your Personal Information with third parties in the following situations:

Nuance Affiliates, Vendors and Suppliers. Nuance works with many affiliated third parties, vendors, distributors, and suppliers. To the extent it is necessary for these groups to provide their products and services to us and provide products and services you have requested, these third parties may have access to or process your Personal Information. Nuance may also sometimes permit our authorized service providers to have access to aggregate statistics about our customers, sales, traffic patterns, and related Website or Application information. These transfers of aggregate statistics do not involve Personal Information or data.

What bugs me here is that they keep the backdoor open by saying they may use your personal information, which in reality means that they do.

 

[Mums]

Yet it's quite clearly obvious that none of the major keyboard developers actually dive into your information and steal your data. Honestly, you're not that special mate.

If Swipe or SwiftKey used our data maliciously on Android (for example) they'd be bankrupted and long gone before developing on iOS.

My two cents.

Your two pence? Anybody who uses the word "mate" instantly calls their credibility into question.

----------

Yet it's quite clearly obvious that none of the major keyboard developers actually dive into your information and steal your data. Honestly, you're not that special mate.

If Swipe or SwiftKey used our data maliciously on Android (for example) they'd be bankrupted and long gone before developing on iOS.

My two cents.

And if he's "not that special" - as you in your working-class parlance intimate - why does Google sell his data?

 

[Tech198]

lol black & white Nokia phones.

I wouldn't wanna go back there again .......

But ya, my privacy comes above all else, and while this isn't stopping me from updating to iOS 8, is among one of the issues on the list.

That, heaps of apps i have no time to go over one by one to see. so i'm staying with iOS7.

Any third party keyboard could transmit any info it likes, but the take-away from this is like using open source on Mac..... or any app, but we use it..

This dialog is just bringing the attention to the user, right away they, otherwise would have probably not worried about till later.

Users/developers have a right to freak out

What if Apple didn't have the dialog ?? Would more people use third party keyboards and not even worry i wonder.

 

[Lictor]

Swype doesn't require Full Access at all and I happily paid $0.99 to them for this. SwiftKey, goodbye.

Yup. There is no such things as a free product. There is always a paid for product. When a product is free, it's likely that the product is not what you think it is. If it's coming from a for-profit company, it is very likely that the product is actually YOU.

 

[damantei]

Naivete

Yet it's quite clearly obvious that none of the major keyboard developers actually dive into your information and steal your data. Honestly, you're not that special mate.

If Swipe or SwiftKey used our data maliciously on Android (for example) they'd be bankrupted and long gone before developing on iOS.

My two cents.

Yes, they say that they don't collect data.....OF COURSE they're going to say that they don't collect data....just like every criminal in the world says , "I didn't do it...." if we believed everything someone says...well- you know where that leads

 

[Vincent Pride]

it's not about privacy - it's about your discussions and topics of interest being sold to advertisers. If you get something for free - you're not a customer, you're a product.

 

[NotAdvisable]

Your two pence? Anybody who uses the word "mate" instantly calls their credibility into question.

Actually I'm Australian and I've recently been placing "mate" into sentences as a type. Sincerest apologies.

If these companies where indeed selling our data, they would have been found out long before now - and they wouldn't exist at all.