Everything You Need To Know About iOS 8 Keyboard Permissions (But Were Afraid To Ask)

By far the most exciting thing about iOS 8 — imho — is the side-door it opens into Apple’s walled garden to allow keyboard app makers to come on in for the first time.

No longer is it true that outlandish Qwertys with a twist are barred from Apple’s kingdom. If you want a keyboard that writes in GIFs, well now you can. Or one that auto predicts emoji so you don’t have to flick through all that emoji art looking for the right combination of chips + burger + pizza + beer + beer + beer + milkshake + spew face. Sorted.

Sure, the native iOS keyboard hasn’t gone away. In fact it’s had some TLC of its own (with a new predictive layer sitting atop the keys, called Quick Type). But the iOS user can now finally choose to play away from home when it comes to typing — as, of course, Android users have always been able to.

It’s worth flagging up that Apple has a slightly different permissions structure when it comes to third party keyboards than Android. So read on for the lowdown on the exact keyboard permissions you are granting when you enable third party keyboards on your iOS 8 device.

But first, a quick re-cap on how to get started with adding a new keyboard to your iOS 8 device…

Adding third party keyboards to iOS 8

So how do you get a new keyboard on iOS 8? First you need to find a keyboard you like on the App Store. There are plenty to choose from. Here’s a by-no-means-exhaustive round-up of nine alternatives I prepared earlier, for example. Once you’ve hit on something you like and downloaded it, you’ll need to add the keyboard to your device within the mainline iOS settings interface.

The path to follow here is Settings > General > Keyboard > Keyboards > Add New Keyboard… You’ll then be shown a list which should include the keyboard app you just downloaded. Hit that to add it to your active keyboards. If another arrow is displayed next to the name of the added keyboard you will be able to tap on it again to reach another settings screen where you can ‘Allow Full Access’. This enables an app’s full feature-set — but more of that below, in the permissions section. It’s not necessary to allow Full Access to add a new keyboard, but the functionality you get may be truncated if you don’t.

Given the various menu layers involved in adding third party keyboards to iOS 8 this is undoubtedly a rather convoluted process. It’s almost as if Apple is trying to bury the option to play away from the native keyboard. But, in their defense, it’s probably not the sort of setting that should be too easy to toggle, given how core the keyboard is to the overall experience. Having less techie iOS users accidentally switching on a new keyboard and not knowing how to get back to the familiar native Qwerty is a scenario Apple is obviously keen to avoid.

To switch between keyboards when typing something you generally tap the globe icon at the lower left of the keyboard layout. Some keyboard makers combine this key with other function keys so you may need to hold down a key to access the toggle. Tapping on the globe on Apple’s native keyboard will switch to the next keyboard you have enabled. Or holding the globe key down will bring up a menu overview of all your keyboards so you can tap once to choose the one you want to use. At this early stage, the keyboard toggling interface can still be a bit glitchy. Sometimes keyboards appear to cycle by themselves so you might find that enabling fewer keyboards at a time is more manageable.

iOS keyboard permissions: What does ‘Allow Full Access’ Mean?

Now, not all third party iOS 8 keyboards are equal in terms of the permissions they require to function. Some can function purely within the isolated sandbox of the keyboard interface itself, while others ask to be able to reach outside that sandbox — and this is where the ‘Allow Full Access’ setting, mentioned above, comes in.

The reason a keyboard app might be asking for Full Access is either to connect to the Internet — for instance to enable a cloud service feature within the app — or to talk to another app on the device, such as its own container app. Apple’s guidelines for developers of keyboard software implies their app should offer basic functions (what it terms “normal duties”) without requiring Full Access. Apple goes on to stress that Full Access brings increased “responsibilities” to the developer when it comes to user trust. This is because a networked keyboard can technically be used to capture keystroke data. Which poses a clear privacy threat to the user.

So, to be clear, if you provide Full Access to a third party keyboard you are technically giving that app the ability to capture and transmit your keystroke data (aka the stuff you type) elsewhere. Although reputable keyboard apps will either avoid capturing this data at all, or have clear privacy policies setting out exactly what they are doing with any captured data (perhaps using it to improve the product experience, for instance), and how they are safeguarding your privacy if they are capturing data — by, for instance, anonymizing and aggregating data if they are sharing it, and actively avoiding capturing data from sensitive fields such as password boxes or credit card data forms.

If you don’t like the sound of any keystroke data being captured you can avoid this scenario altogether by not granting Full Access. Although it’s worth noting that if you do later toggle this setting on, the app may be able to send retrospective data, so it’s not a very fine grained control mechanism.

Still, it’s a neat feature of iOS 8 is that it does allows users to choose whether to grant third party keyboard makers networked permission at all — albeit, denying a keyboard app Full Access may well truncate its functionality (notably the SwiftKey keyboard offers limited functionality if Full Access is denied, for example). But at least the user has the means to manage third party keyboards via this master switch.

If you do not allow Full Access a third party keyboard app can still — and should — offer basic keyboard functions but will remain sandboxed on your device and can’t, therefore, be keylogging what you are typing.

So why all the iOS warning screens about keylogging?

Another thing to note about Apple’s implementation of third party keyboards on iOS 8 is the number of user warnings it throws up around the type of data keyboards can capture. Underneath the list of third party keyboards Apple provides the following warning: “When using one of these keyboards, the keyboard can access all the data you type”. It also links to a far longer explanation page detailing “Third-Party Keyboards & Privacy”.

On this page Apple goes on to warn: “If you enable Full Access, developers are permitted to access, collect and transmit the data you type. In addition, if the third-party keyboard has your permission to access location, photos, or other personal data, the keyboard can also collect and transmit that information to the keyboard developers’ servers. If you disable Full Access the keyboard’s developer may be able to access, collect and transmit what was typed while the network access was disabled.”

And if you choose to toggle ‘Full Access’ on for an individual keyboard you will be shown a pop-up warning pertaining to that keyboard which reiterates the warning about the app being able to transmit what you type and what you have previously typed — adding that: “This could include sensitive information such as your credit card number or street address.”

What’s going on here — in essence — is Apple both covering its ass on the security front, and trying to ensure the user is fully aware of the privacy implications of their choices. Given that it is indeed technically true that a networked iOS keyboard can record your keystroke data (i.e. what you are typing) then the user who grants Full Access to third party keyboards is potentially putting a lot of very private information in the hands of a third party. So the onus is on the user to assess whether they trust an app developer before giving that entity the keys to their Qwerty kingdom.

Now Apple’s keyboard-related warnings are generic — as indeed they have to be — so some keyboard developers have complained they are misleading. For instance SwiftKey argues it has systems in place to prevent it capturing sensitive date like passwords and credit cards, so dislikes the warning referring to credit card data capture. (See the section below for more details on the level of permissions being requested by a selection of iOS keyboard apps.)

Apple is probably right to warn users in this way, given the potential risks when they grant Full Access to a keyboard app, although the emphasis of its most visible pop-up warnings is on the potential risks, without tempering that with encouragement to review the app maker’s privacy policy before making a decision on trustworthiness. Another issue is that generic warnings will probably lose their impact over time, once the user gets used to seeing and dismissing the same warning.

Keyboard apps, permissions and privacy: the choice is yours

So you still want to add a third party keyboard to your iOS 8 device, eh? The choice of which keyboard — or keyboards — to add extends beyond considerations of functionality. As noted above, you need to consider how trustworthy the keyboard developer is. Because, for all Apple’s keyboard developer guidelines and its App Store review process, it can’t guarantee a developer isn’t doing something that impinges on your privacy. It’s therefore up to you to make a call on how much trust to place in a keyboard app — given that, with Full Access granted, this type of app has the technical ability to record everything you type.

A selection of keyboard app makers who have already built apps for iOS 8 are detailed below, with a summary of what these specific developers require Full Access for, along with key details from their privacy policies.

SwiftKey

Cost of app: Free

Permissions: Requires Full Access for all functionality beyond very basic typing, including its word prediction technology and SwiftKey Flow input method. Its cloud back-up and profile sync product also clearly require Full Access

From the developer’s blog post explaining why it asks users to enable Full Access: “Allowing ‘full access’ means the keyboard part of the app can communicate with the ‘container app’ part — the icon you see on your homescreen. Key elements of SwiftKey’s technology are stored in the container app (rather than the keyboard itself), such as keyboard settings like quick period, autocorrect and auto capitalise, and getting corrections, completions or predictions from any language model. This decision also enables us to scale in future, for instance we can add more languages (our no. 1 user request) without requiring a manual update of the app.”

Why else might SwiftKey need to communicate with its container app? Likely it’s setting itself up to support a system of in-app payments in future — bringing its free iOS app in line with its freemium Android app, which includes a store where users can purchase different themes.

Privacy: SwiftKey does capture keystroke data but says its system is designed to avoid capturing sensitive data such as credit card numbers and passwords.

Its privacy policy notes that it anonymizes captured keystroke data. It says this type of anonymized, aggregated data can be shared with third parties

Swype

Cost of app: $0.99

Permissions: The initial version of the app did not ask for Full Access. But Swype has sinced updated the app with a version where Full Access can be enabled. It says it uses this purely for a Guided Access accessibility mode

Commenting on the app and iOS permissions, Aaron Sheedy, vice president of mobile solutions within Nuance’s mobile division, said: “The features we were most focused on for our launch of Swype on iOS 8 were speed and accuracy… Swype for iOS 8 currently stores personal language models on the device — getting smarter as people use it to predict the words and phrases they use the most.

“If desired, users do have the option to delete both their personal language model (including any words they added to their Swype dictionary).”

Privacy: Swype says it stores all collected keystroke data locally, on the device. It specifies that no additional data is collected if you enable Full Access

Fleksy

Cost of app: $0.99

Permissions: Requires Full Access to associate a user’s social accounts (Facebook, Twitter, Gmail etc) to improve accuracy by personalizing predictions. Downloading additional language packs also requires Full Access

“Fleksy actually does NOT need any network access for basic functionality,” says founder Ioannis Verdelis, adding that typing and auto-correcting, emoji, changing themes and changing keyboard sizes can be done without granting full access.

“By granting Full Access, a keyboard can (technically at least) log keystrokes and send them to a server for processing. This is why, Apple asks that basic functionality of a keyboard should not need network access. That doesn’t mean that if you grant Full Access a keyboard will be logging keystrokes (we don’t in any case log your keystrokes). It just means that as a user, you have the choice of making it technically impossible for a keyboard to do this. This is unique to iOS and I believe a very solid feature that I wish Android provided too,” he adds.

Privacy: Fleksy’s privacy policy specifies that it does not log data entered into sensitive fields such as password boxes.

If you enable Full Access it can capture the content of what you type but its privacy policy specifies that it only collects language modeling data when a user opts in and specifically for the purpose of improving the product. It says it does not share this data with third parties

Minuum

Cost of app: $0.99



Permissions: Only currently requires Full Access for audio, and to remember user keyboard customization preferences

CEO Will Walmsley tells TechCrunch: “Minuum’s core functionality works completely without full access enabled. Full access is currently only required for Minuum to read and write to the disk (which allows us to remember your keyboard customization preferences) and for Minuum to play sounds.

“The skepticism around full access is that it also enables network access, which in theory could be used to obtain sensitive information. We avoid this entirely by not ever transmitting what you type over the network; we take users’ privacy very seriously.”

Privacy: Minuum’s privacy policy says it actively avoids storing data entered into sensitive fields such as password boxes.

It says anonymized, aggregated keystroke data can be shared by the company with third parties