Key-Logging. This term tends to be thrown around a lot here and there as an example for eavesdropping attacks.
In a nutshell, key-logging means that some malicious party has taken over the keyboard component in a user’s device, and uses that to record the user’s keystrokes.
This could happen is either of two methods:
- The device has been rooted/jail-broken, and some malicious party has control over the entire operating system.
- The user has been lured into installing a 3rd party keyboard. This keyboard comes pre-loaded with keylogging functionality.
In terms of risk management, the following actions can be taken:
- Detect that your application is deployed in a compromised environment and take preventive actions (e.g. terminate the application)
- Disallow the use of non-standard/non-official keyboards from within your application.
This article will discuss the latter, i.e. how to pre-determine which keyboards can be used with your application.
Prevent Key-Logging Quickly and Easily
Overview of Appdome’s Key-Logging Prevention
You can either disallow all non-OS official keyboards or allow a specific set of keyboards to be used with the application.
How would that look? While using a fused application, stand on a text field and attempt to change the keyboard. You will be able to select the default keyboards and the ones you specified during fusion.
Prerequisites for using Key-Logging Prevention
How to add Key-Logging Prevention to Any Mobile App on Appdome
Follow these step-by-step instructions to prevent key-logging:
Upload a Mobile App to Your Account
From the “Build” tab, go to Security
- Open Mobile Privacy category
- Toggle the Built-in Keyboards Only switch
- Optionally, if there are keyboards you trust:
- Toggle the Allow Custom Keyboards switch
- Add as many keyboard names you wish to whitelist by clicking Add. In iOS, there is also the option to use a wildcard (glob pattern) to match multiple versions of a keyboard.
For example, in iOS if you want to enable SwiftKey then add
*SwiftKeyApp*. Or for Flesky add
To enable SwiftKey in Android you will need to add
Notice that iOS and Android use different identifiers for keyboards.If you are unsure about the identifier they keyboard you wish to whitelist, use this keyboard discovery app for iOS or this one for Android, which will show you the identifiers of all the keyboards installed on your device.
- Here are some popular keyboards for iOS and their identifiers to get you started:
- Facemoji Keyboard:
- Tenor GIF Keyboard:
- GO Keyboard:
- Chrooma Keyboard:
- Classic Keyboard:
- Cheetah Keyboard:
- SwiftKey Keyboard:
- Click Build My App
The technology behind Build My App has two major elements – (1) a micro-service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add the requested service to the mobile app in seconds.
Congratulations! When your integration is complete, you will see the notice below. You now have a mobile app fully integrated with key-logging prevention.
What to do After I Build My App?
After you have added key-logging prevention to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Please view the article here on How to Complete My Mobile Integration Project After I Build My App.
How Do I Learn More?
Additionally, jailbreaking was mentioned at the beginning of this article as another context in which key-logging might happen. To mitigate that you might want to check out Jailbreak Prevention as a means of mitigating key-logging.
To zoom out on this topic, visit Appdome for Mobile App Security on our website.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.