This application does not use application:shouldAllowExtensionPointIdentifier: on the application delegate to disable third-party keyboards.
iOS apps can choose whether to permit app extensions such as third-party keyboards. Allowing third-party keyboards can introduce privacy risks such as keystroke logging and, in turn, sensitive data leaks. It is considered a security best practice to disable third-party keyboard extensions unless they are necessary.
Recommendation
Implement application:shouldAllowExtensionPointIdentifier: on the application delegate and return NO for the identifier UIApplicationKeyboardExtensionPointIdentifier.
Details and code snippets can be found at Apple's documentation.
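The delegate method named in the recommendation, as an added Objective-C example (not taken from the NowSecure report or from Apple's documentation); the class name AppDelegate is an assumption:

```objective-c
// AppDelegate.m -- added example; the class name AppDelegate is an assumption.
#import <UIKit/UIKit.h>

@interface AppDelegate : UIResponder <UIApplicationDelegate>
@property (strong, nonatomic) UIWindow *window;
@end

@implementation AppDelegate

// UIKit asks the application delegate whether extensions of a given
// extension point may be used inside this app.
- (BOOL)application:(UIApplication *)application
shouldAllowExtensionPointIdentifier:(UIApplicationExtensionPointIdentifier)extensionPointIdentifier
{
    // Reject custom (third-party) keyboard extensions so that text typed
    // into this app is never handled by code outside the system keyboard.
    if ([extensionPointIdentifier isEqualToString:UIApplicationKeyboardExtensionPointIdentifier]) {
        return NO;
    }
    // Leave any other extension point at its default (allowed).
    return YES;
}

@end
```

The decision applies to the whole app: once the method returns NO for the keyboard identifier, every text input in the app uses the system keyboard.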
Risk and Regulatory Information
Severity: medium
CVSS: 4
Application