Indeed. I question Apple's wisdom in allowing such freedom with third-party keyboard apps. I think they should have restricted them to not allowing key-logging.
It's a generic warning. It's what can theoretically can happen, and there hasn't been a single proven case of any nefarious keylogging. I'm sure they've been thoroughly vetted by Apple so that they felt comfortable enough to allow them in the app store.
That, I am afraid, is a weak argument.
If I never locked my door and had no burglaries for twenty years, that doesn't mean that what I'm doing is sensible.
If I never locked my door and had no burglaries for twenty years, that doesn't mean that what I'm doing is sensible.
But in this case Apple owns the house, chooses who is coming and going and can then lock the doors anyway if it so chooses.
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
Why do keyboard extensions have to have Internet access? Seriously, why can't they at least do a few things intelligently for the user, without having to have Full Access? Why does Apple place the burden of allowing Full Access to users who are mostly naive about security/privacy? Is Apple responsible for this all-or-nothing situation? It would seem so!
Why do keyboard extensions have to have Internet access? Seriously, why can't they at least do a few things intelligently for the user, without having to have Full Access? Why does Apple place the burden of allowing Full Access to users who are mostly naive about security/privacy? Is Apple responsible for this all-or-nothing situation? It would seem so!
I just blocked Internet access to SwiftKey on my LG G3 and the keyboard still worked. As far as why would a keyboard need Internet access, that's an easy one. SwiftKey, for example, offers predictive text. To offer decent predictive text they need to both collect what people are typing and be able to distribute that data to their users. For example, if one were to enter "Scottish" into the keyboard, it'll be more likely to offer "referendum" as the next word. Or maybe a new public figure is all over the news and has an uncommon last name. Smart keyboards will update to add that last name so that it can be swiped.
And finally, don't forget that Apple isn't forcing you to use a third party keyboard. They trust these companies enough to put them in their app store. If feel that Apple's security is up to snuff, then don't download a third party keyboard (there's probably a lot of other apps you shouldn't use either if you don't trust Apple's screening process, but that's for another day).
Indeed. I question Apple's wisdom in allowing such freedom with third-party keyboard apps. I think they should have restricted them to not allowing key-logging.
I disagree. Apple is giving people what they want. It's up to them to decide if they are willing to accept the risks associated with using these extensibility enhancements.
Indeed. I question Apple's wisdom in allowing such freedom with third-party keyboard apps. I think they should have restricted them to not allowing key-logging.
I disagree. Apple is giving people what they want. It's up to them to decide if they are willing to accept the risks associated with using these extensibility enhancements.
Well, that's what Apple have done. But they didn't for seven years. I'm thinking of all the people who never bother reading terms and conditions who won't even know it's happening. Some may call that stupidity. Of course, Apple wouldn't be culpable, but I just hope that the media don't blow it up if someone falls victim to fraud due to key-logging.
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
How about you think about it another way: why would a vendor risk their ability to be on the app store by doing so? Trust works in a number of different directions.
No one seems to have a problem with 1password. They say they don't exfiltrate your passwords. Do they?
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
How about you think about it another way: why would a vendor risk their ability to be on the app store by doing so? Trust works in a number of different directions.
No one seems to have a problem with 1password. They say they don't exfiltrate your passwords. Do they?
Your assertion that 'no one seems to have a problem with 1password' is laughable.
There is a reason why services like 1password, Paypal and Bitcoin have tiny markets. People trust Apple, and if one is going to entrust sensitive data with a company online, it makes sense to keep that data with as few sources as possible. Due to the loyalty, trust and brand that Apple have, almost everyone who uses Apple won't ever use those third-party companies for as long as Apple offers a competing service.
Your assertion that 'no one seems to have a problem with 1password' is laughable.
Yet you don't say why? I can't really prove a negative.
There is a reason why services like 1password, Paypal and Bitcoin have tiny markets. People trust Apple, and if one is going to entrust sensitive data with a company online, it makes sense to keep that data with as few sources as possible. Due to the loyalty, trust and brand that Apple have, almost everyone who uses Apple won't ever use those third-party companies for as long as Apple offers a competing service.
Tiny markets. I really don't know what to say about that. I mean, PayPal, for example, is a global player. Just because *you* frown upon it doesn't mean it's not a huge market.
I trust Apple too. That doesn't mean I don't trust other parties. Like, say Dropbox. I don't put anything in iCloud. I may in time, but for now Dropbox covers it all off.
Anyway, to get on point you made a shit analogy. And if you trust Apple you would trust their automated testing and closer scrutiny I would hope they would apply in assessing these keyboard apps. They offer a curated experience aafter all.
Apple are covering their back here, no only do you have to turn Full Access on, but even when you do they put the fear of God into you th the next warning, where you then have to choose 'Allow' a secondary time in a modal notification. This is why it's never been allowed before now, it's a security minefield. The only replacement keyboard I am interested in is one identical to the Apple one but with Shift fixed and case sensitive keys, no learning, no prefs syncing, just s slightly modified layout
Also we built KeyReply as a custom keyboard with response templates saved on it - for teams. It allows you to manage your preset replies both on web and on the iOS app. It's meant to help mobile workforces be more productive on the go.
Personally we were concerned about asking people to enable full access on their keyboards, so we decided to make it so that it's unnecessary for people to do that. It does take away some options, but it works exactly as it should.
Comments
Indeed. I question Apple's wisdom in allowing such freedom with third-party keyboard apps. I think they should have restricted them to not allowing key-logging.
It's a generic warning. It's what can theoretically can happen, and there hasn't been a single proven case of any nefarious keylogging. I'm sure they've been thoroughly vetted by Apple so that they felt comfortable enough to allow them in the app store.
That, I am afraid, is a weak argument.
If I never locked my door and had no burglaries for twenty years, that doesn't mean that what I'm doing is sensible.
But in this case Apple owns the house, chooses who is coming and going and can then lock the doors anyway if it so chooses.
That, I am afraid, is a weak argument.
If I never locked my door and had no burglaries for twenty years, that doesn't mean that what I'm doing is sensible.
But in this case Apple owns the house, chooses who is coming and going and can then lock the doors anyway if it so chooses.
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
Then why allow them in at all?
You shouldn't as their wisdom far surpasses your own.
Why do keyboard extensions have to have Internet access? Seriously, why can't they at least do a few things intelligently for the user, without having to have Full Access? Why does Apple place the burden of allowing Full Access to users who are mostly naive about security/privacy? Is Apple responsible for this all-or-nothing situation? It would seem so!
Why do keyboard extensions have to have Internet access? Seriously, why can't they at least do a few things intelligently for the user, without having to have Full Access? Why does Apple place the burden of allowing Full Access to users who are mostly naive about security/privacy? Is Apple responsible for this all-or-nothing situation? It would seem so!
I just blocked Internet access to SwiftKey on my LG G3 and the keyboard still worked. As far as why would a keyboard need Internet access, that's an easy one. SwiftKey, for example, offers predictive text. To offer decent predictive text they need to both collect what people are typing and be able to distribute that data to their users. For example, if one were to enter "Scottish" into the keyboard, it'll be more likely to offer "referendum" as the next word. Or maybe a new public figure is all over the news and has an uncommon last name. Smart keyboards will update to add that last name so that it can be swiped.
And finally, don't forget that Apple isn't forcing you to use a third party keyboard. They trust these companies enough to put them in their app store. If feel that Apple's security is up to snuff, then don't download a third party keyboard (there's probably a lot of other apps you shouldn't use either if you don't trust Apple's screening process, but that's for another day).
I disagree. Apple is giving people what they want. It's up to them to decide if they are willing to accept the risks associated with using these extensibility enhancements.
Well, that's what Apple have done. But they didn't for seven years. I'm thinking of all the people who never bother reading terms and conditions who won't even know it's happening. Some may call that stupidity. Of course, Apple wouldn't be culpable, but I just hope that the media don't blow it up if someone falls victim to fraud due to key-logging.
How about you think about it another way: why would a vendor risk their ability to be on the app store by doing so? Trust works in a number of different directions.
No one seems to have a problem with 1password. They say they don't exfiltrate your passwords. Do they?
Hardly. As it's allowing key-logging, it's depending on the trustworthiness of every third-party keyboard developer. There's nothing Apple can do to detect whether a developer is stealing people's information. You only need one bad egg in a company and there goes your trust. That situation could be avoided by simply not allowing key-logging in the first place.
How about you think about it another way: why would a vendor risk their ability to be on the app store by doing so? Trust works in a number of different directions.
No one seems to have a problem with 1password. They say they don't exfiltrate your passwords. Do they?
Your assertion that 'no one seems to have a problem with 1password' is laughable.
There is a reason why services like 1password, Paypal and Bitcoin have tiny markets. People trust Apple, and if one is going to entrust sensitive data with a company online, it makes sense to keep that data with as few sources as possible. Due to the loyalty, trust and brand that Apple have, almost everyone who uses Apple won't ever use those third-party companies for as long as Apple offers a competing service.
Tiny markets. I really don't know what to say about that. I mean, PayPal, for example, is a global player. Just because *you* frown upon it doesn't mean it's not a huge market.
I trust Apple too. That doesn't mean I don't trust other parties. Like, say Dropbox. I don't put anything in iCloud. I may in time, but for now Dropbox covers it all off.
Anyway, to get on point you made a shit analogy. And if you trust Apple you would trust their automated testing and closer scrutiny I would hope they would apply in assessing these keyboard apps. They offer a curated experience aafter all.
Swift key is awesome by the way.
Personally we were concerned about asking people to enable full access on their keyboards, so we decided to make it so that it's unnecessary for people to do that. It does take away some options, but it works exactly as it should.
Check out http://keyreply.com if you like how it sounds!