> > >

How to Prevent Keyloggers in Android & iOS Apps

This knowledge base article describes 3 Easy Steps to Prevent Keyloggers in Android & iOS Apps to protect mobile privacy and ensure data loss prevention. No Code, Zero Dev, No SDK.

What Does to Prevent Keyloggers in Android & iOS Apps Protect?

What is keylogging and what are keyloggers?

How to prevent keylogging in mobile apps? Let’s start with Keylogging. This term tends to be thrown around a lot here and there as an example for eavesdropping attacks. In a nutshell, keylogging means that some malicious party has taken over the keyboard component in a user’s device, and uses that to record the user’s keystrokes. This could happen in either of two methods:

The device has been rooted/jail-broken, and some malicious party has control over the entire operating system.
The user has been lured into installing a 3rd party keyboard. This keyboard comes pre-loaded with keylogging functionality.

In terms of risk management, the following actions can be taken:

Detect that your application is deployed in a compromised environment and take preventive actions (e.g. terminate the application)
Disallow the use of non-standard/non-official keyboards from within your application.

This article will discuss the latter, i.e. how to pre-determine which keyboards can be used with your application. You can either disallow all non-OS official keyboards or allow a specific set of keyboards to be used with the application. How would that look? While using a fused application, stand on a text field and attempt to change the keyboard. You will be able to select the default keyboards and the ones you specified during fusion.

What does prevent keyloggers protect?

Preventing keyloggers is an essential part of a data loss prevention (DLP) strategy. Prevent keyloggers protects the user name, passwords and all other sensitive and valuable information that users type into apps.

Appdome is a no-code mobile app security platform designed to add security features, like keylogger prevention. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily protect mobile privacy and ensure data loss prevention.

Prerequisites for Preventing Keylogging

Appdome Ideal account
Appdome-DEV access
Mobile App (.ipa for iOS, or .apk or .aab for Android)
Signing Credentials (e.g., signing certificates and provisioning profile)
Optional: A list of allowed keyboard applications.

3 Easy Steps to Prevent Keyloggers in Android & iOS Apps

Please follow these 3 easy steps to prevent keyloggers from stealing sensitive data in Android and iOS apps.

Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
In the Build Tab, under Security, Select Mobile Privacy and Toggle Keylogging Prevention on (shown below)
Click Build My App

Optionally, if there are keyboards you trust:

- Toggle the Allow Custom Keyboards switch
- Add as many keyboard names you wish to whitelist by clicking Add. In iOS, there is also the option to use a wildcard (glob pattern) to match multiple versions of a keyboard.
  For example, in iOS if you want to enable SwiftKey then add com.swiftkey.SwiftKeyApp.Keyboard or just *SwiftKeyApp*. Or for Flesky add com.syntellia.Fleksy.extension.
  To enable SwiftKey in Android you will need to add com.touchtype.swiftkey/com.touchtype.KeyboardService
  Notice that iOS and Android use different identifiers for keyboards. If you are unsure about the identifier of the keyboard you wish to whitelist, use this keyboard discovery app for iOS or this one for Android, which will show you the identifiers of all the keyboards installed on your device.
- Here are some popular keyboards for iOS and their identifiers to get you started:
  1. Fleksy: com.syntellia.Fleksy.extension
  2. SwiftKey: com.swiftkey.SwiftKeyApp.Keyboard
  3. Bitmoji: com.bitstrips.imoji.BitmojiKeyboard
  4. Blink: com.ethanlongfan.Blink-Keyboard.Keyboard
  5. ColorKeyboard: com.appyfurious.ckfree.extensionnew
  6. FancyKey: com.fancygif.EmojiKeyboard.FancyEmoji
  7. Gboard: com.google.keyboard.KeyboardExtension
  8. GO: com.jb.gokeyboard.customkeyboard
  9. Grammarly: com.grammarly.keyboard.extension
  10. TouchPal: com.cootek.smartinput.keyboard
  11. betterkeyboard: com.berzapp.betterkeyboard.NewThemeKeyboard
- For Android:
  1. Gboard:com.google.android.inputmethod.latin/com.android.inputmethod.latin.LatinIME
  2. Facemoji Keyboard: com.simejikeyboard/com.baidu.simeji.SimejiIME
  3. Tenor GIF Keyboard: com.riffsy.FBMGIFApp/com.tenor.android.ime.latin.LatinIME
  4. GO Keyboard: com.jb.emoji.gokeyboard/com.jb.gokeyboard.GoKeyboard
  5. Chrooma Keyboard: com.gamelounge.chroomakeyboard/org.smc.inputmethod.indic.LatinIME
  6. Fleksy: com.syntellia.fleksy.keyboard/.Fleksy
  7. Classic Keyboard: com.appstech.classic/com.menny.android.iconmekeyboard.SoftKeyboard
  8. Cheetah Keyboard: panda.keyboard.emoji.theme/com.android.inputmethod.latin.LatinIME
  9. SwiftKey Keyboard: com.touchtype.swiftkey/com.touchtype.KeyboardService

Congratulations! You now have a secured mobile app that prevents keyloggers from stealing sensitive information entered by the mobile app user.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with keylogging prevention. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites for Preventing Keyloggers in Android & iOS Apps

Here’s what you need to build secured apps with keylogging prevention

Appdome account (If you don’t have an Appdome account, create a free Appdome account here)
Mobile App (.ipa for iOS, or .apk or .aab for Android)
Signing Credentials (e.g., signing certificates and provisioning profile)

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with keylogging prevention. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

Signing Secure iOS and Android apps
Customizing, Configuring & Branding Secure Mobile Apps
Deploying/Publishing Secure mobile apps to Public or Private app stores

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

More Prevent Keyloggers in Android & iOS Apps Resources

Additionally, jailbreaking was mentioned at the beginning of this article as another context to prevent keylogging in mobile apps. To mitigate that you might want to check out Jailbreak Prevention as a means of mitigating keylogging.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Dany Zatuchna

Have a question?

Ask an expert

TomMaking your security project a success!