SwiftKey Security Issue

[C DM]

Why doesn't Swype require this "Allow Full Access"? It works fine without it.

^^^ this

Swype does not require full access, unlike SwiftKey. That gets my vote!

Perhaps Swype doesn't learn so doesn't need that access?

----------

Ok so if I typed in a credit card number using Apple's keyboard than downloaded SwiftKey, it wouldn't have that info. Right?

It throws me when it says "including things you have previously typed with this keyboard". Does that mean Apple's keyboard or SwiftKey's?

Well, it specifically says "this keyboard", so clearly it won't apply to any other keyboard.

 

[czechboy0]

Why doesn't Swype require this "Allow Full Access"? It works fine without it.

Full access means that the keyboard can communicate with the container app. SwiftKey uses it so that you can download more languages in the container and then go to the keyboard and use them. More info here: https://iossupport.swiftkey.com/hc/e...-iOS-keyboard-

Nothing you type leaves your device unless you turn on SwiftKey Cloud which gives you sync and backup. But even that is encrypted.

----------

Thanks for the feedback. So if I don't type any passwords or credit card info into the SwiftKey keyboard I should be fine?

SwiftKey is build to NOT learn sensitive data such as credit card information by design. See here, in the privacy policy:
"You may encounter an alert when installing our Products on your device, warning that third-party keyboards may collect or log sensitive data such as passwords, credit card numbers or street addresses.

SwiftKey Products are designed not to receive, store or transmit any such sensitive data."

And in any case - when SwiftKey learns the then predicts something you don't want, you can always long press on the candidate button which will let you blacklist such a term, so it will never be predicted again.

When it comes to passwords, iOS automatically launches the Apple keyboard for such fields, so no 3rd party keyboard can be used for typing into such secure field. This is by design.

 

[Sappharad]

Since nobody has really provided the answer plain and simple: A third party keyboard can not see what you type with another keyboard, unless you switch to that keyboard. If you're concerned about having the keyboard installed but only don't want it to see what you're typing in specific instances, then you don't need to worry because it can't access your text unless you're using it.

From a technical standpoint, keyboards implement a UITextDocumentProxy. Per apple's description, "A text document proxy provides textual context to a custom keyboard".
https://developer.apple.com/library...ITextDocumentProxy/documentContextBeforeInput
A text document proxy can do 5 things:
1. Get the text before or after the typing 'cursor' in order to determine context. They don't really specify how much text it gives, but it's only going to provide data from the text field that has focus, not any others.
2. Adjust the position of the typing cursor.
3. Insert text
4. Delete text
5. Check if the text field is empty.

These activities can only be accomplished when a custom keyboard is running, so if you're using the apple keyboard SwiftKey won't have access to any data that you type. If you're in a text field and switch to SwiftKey, they can request the text already there for context purposes.