Third Party Keyboards

Third Party Keyboards.... Beware!

Jakey

I just thought I would insert a quick note, as this isn't really documented anywhere on the internet yet that I can see...

The issue with third-party apps is that you can grant them full system access, which is great for those who want third-party keyboards.

However, that setting comes with big consequences: a keyboard can now interact with applications on a much deeper level, and it can also report home to the internet. This gives genuine applications visibility of what is being typed; most give privacy agreements around credit card and password fields, which is fine.
But for those of us in the enterprise who are using these "secure containers", this is a serious breach of security: you could be leaking sensitive information out to a third party without being aware of it.

It's important to know that, in order to prevent this, all you need to do is make sure you have your corporate applications set as "Managed". Luckily our applications are already managed, so providing we never chose to manage third-party keyboards.

There is an important extract in the latest Apple Security document detailing this:

For devices enrolled in mobile device management, document and keyboard extensions obey Managed Open In rules. For example, the MDM server can prevent a user from exporting a document from a managed app to an unmanaged Document Provider, or using an unmanaged keyboard with a managed app. Additionally, app developers can prevent the use of third-party keyboard extensions within their app.


To prevent third-party keyboards, ensure that "Allow opening managed app documents in unmanaged apps" is unchecked in your policy. This results in the restriction named "Opening documents from managed to unmanaged apps not allowed" being set on the device under General > Profiles > Restrictions.
The setting "Allow opening unmanaged app documents in managed apps" has no impact on third-party keyboards, so it can stay set to suit your current corporate policy.

Hope this helps someone.
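One way to check an exported configuration profile for the setting described above. This is an added example, not part of the original post. It assumes the checkbox corresponds to the `allowOpenFromManagedToUnmanaged` key of the Restrictions payload (`com.apple.applicationaccess`) and that the profile is an unsigned plist; `make_profile`, `audit_profile` and the sample identifiers are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"   # Restrictions payload type
KEY = "allowOpenFromManagedToUnmanaged"        # assumed key behind the checkbox


def make_profile(restrictions):
    """Build a constructed sample profile (not taken from a real deployment)."""
    payload = {"PayloadType": RESTRICTIONS,
               "PayloadIdentifier": "example.restrictions",  # constructed
               "PayloadUUID": "00000000-0000-0000-0000-000000000001",
               "PayloadVersion": 1, **restrictions}
    profile = {"PayloadType": "Configuration",
               "PayloadIdentifier": "example.profile",       # constructed
               "PayloadUUID": "00000000-0000-0000-0000-000000000002",
               "PayloadVersion": 1,
               "PayloadContent": [payload]}
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return (ok, findings) for the bytes of an unsigned .mobileconfig."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS]
    if not payloads:
        return False, ["no Restrictions payload: Managed Open In not enforced"]
    findings = []
    for p in payloads:
        ident = p.get("PayloadIdentifier", "<no identifier>")
        if KEY not in p:
            # An absent key leaves the default in place, which allows the flow.
            findings.append(f"{ident}: {KEY} missing (defaults to allowed)")
        elif p[KEY] is not False:
            findings.append(f"{ident}: {KEY} is {p[KEY]!r}, expected False")
    return not findings, findings


if __name__ == "__main__":
    samples = {"unchecked": {KEY: False},
               "checked": {KEY: True},
               "key absent": {}}
    for label, restrictions in samples.items():
        ok, findings = audit_profile(make_profile(restrictions))
        print(label, "->", "OK" if ok else findings)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.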
