Apple Warns of Vulnerability in Third-Party iOS Keyboards
Apple has published an advisory about third-party keyboard extensions in iOS 13 and iPadOS 13 (presumably also version 13.1 because the advisory was published the same day it was released). By default, third-party keyboards run without any access to external services, and you must enable “full access” to let them connect to the Internet, which many require to provide additional features. Apple says that a bug in iOS 13 and iPadOS 13 lets some keyboard extensions access the Internet even if you haven’t allowed full access.
On its face, this sounds like a serious vulnerability, but the reality is that most third-party keyboards aren’t useful unless they have full access, so the actual impact is probably minimal. You can see which keyboards you have installed in Settings > General > Keyboard > Keyboards, and we recommend uninstalling any you don’t use (swipe left on the keyboard to reveal a Delete button).
Start the discussion in the TidBITS Discourse forum