Are Third-Party Keyboards Secure?

Third-party keyboards have been one of the biggest hits of iOS 8 since its launch last week. But are they secure? This concern derives from a standard warning displayed by iOS 8 when the keyboards are granted “full access.” Different keyboard apps break down their feature sets between standard install and “full access” differently.

The top free keyboard app this year was SwiftKey Keyboard. While the basic keyboard works with a standard installation, key features like word predictions and the finger-tracing typing require that full access be granted.  Naturally, users were worried that their information, was being sent back to SwiftKey.  Jennifer Kutz, Communications Chief for SwiftKey, assures users that despite the request for full access, “none of your language insights leave your device unless you choose our optional SwiftKey Cloud service.” Certain types of information such as credit card numbers, or any other long numbers, are intentionally ignored by SwiftKey.

The second most popular option is Fleksy Keyboard – Happy Typing.  Unlike SwiftKey, Fleksy does not require full access be granted in order for predictions to function. Full access is required, however, for other personalization and customization options such as pulling in Facebook, Gmail, and Twitter typing data.  Founder and chief operating officer Ioannis Verdelis says, “Fleksy performs all of its processing locally on the device, and does not need Full Access to perform its corrections.  Users can improve its performance if they want, by allowing network access so they can sync their language data, but this is completely optional.  We don’t collect people’s keystrokes, typing data, credit card numbers, etc, regardless of whether you enable Full Access or not.”

Lastly, the third most popular keyboard, Swype.  Rebecca Paquette of Nuance Communications states, “The features we were most focused on for our launch were speed and accuracy – a keyboard that is intuitive and powerful to use.”  Unlike some other keyboards, Swype does not include an option for pulling in typing data from Facebook and Gmail, and does not offer a cloud backup or syncing services.  This simplicity allows it to forgo the need for full access.

Ultimately, what it comes down to is trust. Granting a keyboard full access means that any data can be transmitted back the developer’s servers for a variety of uses. So while there are potential risks to granting a keyboard full access, users weighing the usefulness of a keyboard should be informed enough to consider whether or not to grant full access.

Sourced: 11/29/16

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s