We recently reported about an iOS 13 bug that leaked users credit card information. Now a new iOS 13 bug has come to light and this one gives third-party keyboards full access to your iPhone even when you are not using the device. The worst part is that third-party keyboards can access all of your information despite being denied the same.
Apple has taken note of the bug and has also published an advisory document. Understandably Apple is keeping the things under wraps and the support document doesn’t mention much. Typically keyboards can be used in two modes, the first one is standalone and the other one is full access. As the name suggests, the full access mode will give complete access to the keyboard and this includes your keystroke data and any personal stuff that you type.
Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.
The bug will allow third-party apps to get full access even when the user denies access. Apple says that the bug doesn’t affect the native iOS keyboard. Switching to the iOS keyboard might be a wise thing to do, at least until the vulnerability is patched. Apple will fix the iOS 13 bug with the help of a software update. Meanwhile, you can check third-party keyboard apps by Opening the Settings app>Keyboard>Keyboards.
