iOS/iPadOS 13 vulnerabilities will allow third-party keyboard to run entirely standalone

Apple issues an alert about vulnerability in iOS/iPadOS 13. This vulnerability affects third-party keyboard applications, allowing third-party keyboards to run independently.

Experts have shown that third-party keyboard extensions can run completely independently and do not require access to external services, so it is forbidden to store what you type unless you grant third-party keyboard “full access” permission to enable some additional functionality through network access.

“iPhone 11 / iPhone 11 Max / iPhone 11R / iOS 13 Concept” by Ran Avni is licensed under CC BY-NC-ND 4.0

Apple explains:

“Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.”

Currently, Apple releases iOS/iPadOS 13.1.1 to fix this security issue.