According to dictionary.com, keylogging is “the practice of using a software program or hardware device (keylogger) to record all keystrokes on a computer keyboard, either overtly as a surveillance tool or covertly as spyware”.
In the context of a mobile device, this means that a malicious party has taken control of the keyboard component on a user’s device and uses it to record the user’s keystrokes. To what end? To capture whatever the user types, from login credentials and credit card numbers to seemingly innocent details such as work-related messages.
There are two main attack vectors in mobile devices:
- The device has been rooted/jailbroken, and some malicious party has control over the entire operating system.
- The user has been lured into installing a third-party keyboard that comes pre-loaded with keylogging functionality.
In terms of risk management, the following actions can (and should) be taken:
- Detect that your application is deployed in a compromised environment and take preventive actions (e.g. terminate the application).
- Disallow the use of non-standard/non-official keyboards from within your application.
Appdome’s Keylogging Prevention Puts an End to Keylogging in Mobile Apps
The major vendors are already aware of this problem. Apple, for example, does not allow a user to use a 3rd party keyboard when entering a password. Appdome is taking this measure one step further and enforces this policy on ALL input fields in an application.
A good example of the potential risks of keylogging in mobile apps is the ‘Invisible Man’ malware. This malware runs a keylogger against Android banking apps, and it shows how serious the threat of keylogging in mobile apps can be. With Appdome’s keylogging prevention and root/jailbreak detection, banks can instantly protect their apps and ensure that their customers’ financial information remains safe.
With Appdome’s keylogging prevention, you can also create a white list of 3rd party keyboard vendors you trust. This allows you to minimize risk without sacrificing usability. As a result, you are not affecting the end-user experience, which is really important in consumer apps.
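The keyboard restriction and the trusted-vendor list described above can be approximated in an Android app's own code. The following Kotlin sketch is an added example, not Appdome's implementation; `TRUSTED_KEYBOARD_PACKAGES`, `KeyboardVerdict` and `checkActiveKeyboard` are hypothetical names, the package name is a constructed placeholder, and it assumes the app is allowed to see the installed keyboard packages.

```kotlin
import android.content.Context
import android.content.pm.ApplicationInfo
import android.provider.Settings
import android.view.inputmethod.InputMethodManager

// Hypothetical allowlist of third-party keyboards the app owner trusts.
// Constructed placeholder package name. A package name alone can be claimed
// by any app, so a production check should also pin the signing certificate.
val TRUSTED_KEYBOARD_PACKAGES = setOf("com.example.trustedkeyboard")

sealed class KeyboardVerdict {
    object Preinstalled : KeyboardVerdict()                      // shipped in the system image
    data class Allowlisted(val pkg: String) : KeyboardVerdict()  // third party, but trusted
    data class Untrusted(val pkg: String?) : KeyboardVerdict()   // block sensitive input
}

fun checkActiveKeyboard(context: Context): KeyboardVerdict {
    // Flattened component name ("package/service") of the keyboard currently selected.
    val activeId = Settings.Secure.getString(
        context.contentResolver, Settings.Secure.DEFAULT_INPUT_METHOD
    ) ?: return KeyboardVerdict.Untrusted(null)

    val imm = context.getSystemService(Context.INPUT_METHOD_SERVICE) as InputMethodManager

    // Fail closed: a selected keyboard we cannot resolve is treated as untrusted.
    val active = imm.enabledInputMethodList.firstOrNull { it.id == activeId }
        ?: return KeyboardVerdict.Untrusted(activeId.substringBefore('/'))

    // FLAG_SYSTEM marks apps in the system image; FLAG_UPDATED_SYSTEM_APP marks
    // a system app that has since received an update.
    val systemMask = ApplicationInfo.FLAG_SYSTEM or ApplicationInfo.FLAG_UPDATED_SYSTEM_APP
    val flags = active.serviceInfo.applicationInfo.flags

    return when {
        (flags and systemMask) != 0 -> KeyboardVerdict.Preinstalled
        active.packageName in TRUSTED_KEYBOARD_PACKAGES ->
            KeyboardVerdict.Allowlisted(active.packageName)
        else -> KeyboardVerdict.Untrusted(active.packageName)
    }
}
```

Run the check each time a screen with sensitive fields becomes visible, since the user can switch keyboards while the app is in the background. On a rooted device the system flags themselves cannot be trusted, which is why this check belongs alongside the compromised-environment detection listed earlier.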