Prevent Keylogging in Mobile Apps

How do you prevent keylogging in mobile apps? Let’s start with what keylogging is. The term is often cited as an example of an eavesdropping attack.

In a nutshell, keylogging means that some malicious party has taken over the keyboard component in a user’s device, and uses that to record the user’s keystrokes.

This could happen in either of two ways:

  1. The device has been rooted/jailbroken, and some malicious party has control over the entire operating system.
  2. The user has been lured into installing a third-party keyboard. This keyboard comes pre-loaded with keylogging functionality.

In terms of risk management, the following actions can be taken:

  1. Detect that your application is deployed in a compromised environment and take preventive actions (e.g. terminate the application)
  2. Disallow the use of non-standard/non-official keyboards from within your application.

This article will discuss the latter, i.e. how to pre-determine which keyboards can be used with your application.

How to Prevent Keylogging in Mobile Apps Quickly and Easily 

Overview of Appdome’s Keylogging Prevention

You can either disallow all non-OS official keyboards or allow a specific set of keyboards to be used with the application.

How would that look? While using a fused application, tap a text field and attempt to change the keyboard. You will be able to select the default keyboards and the ones you specified during fusion.

Prerequisites for Preventing Keylogging

Prevent Keylogging in Mobile Apps on Appdome 

Follow these step-by-step instructions to prevent keylogging:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, go to Security

  1. Open Mobile Privacy category
  2. Toggle the Built-in Keyboards Only switch
  3. Optionally, if there are keyboards you trust:
    • Toggle the Allow Custom Keyboards switch
    • Add as many keyboard names as you wish to whitelist by clicking Add. On iOS, you can also use a wildcard (glob pattern) to match multiple versions of a keyboard.
      For example, on iOS, to enable SwiftKey add com.swiftkey.SwiftKeyApp.Keyboard or just *SwiftKeyApp*. For Fleksy, add com.syntellia.Fleksy.extension.
      To enable SwiftKey on Android, add com.touchtype.swiftkey/com.touchtype.KeyboardService.
      Note that iOS and Android use different identifiers for keyboards. If you are unsure about the identifier of the keyboard you wish to whitelist, use this keyboard discovery app for iOS or this one for Android, which will show you the identifiers of all the keyboards installed on your device.
    • Here are some popular keyboards for iOS and their identifiers to get you started:
      1. Fleksy: com.syntellia.Fleksy.extension
      2. SwiftKey: com.swiftkey.SwiftKeyApp.Keyboard
      3. Bitmoji: com.bitstrips.imoji.BitmojiKeyboard
      4. Blink: com.ethanlongfan.Blink-Keyboard.Keyboard
      5. ColorKeyboard: com.appyfurious.ckfree.extensionnew
      6. FancyKey: com.fancygif.EmojiKeyboard.FancyEmoji
      7. Gboard: com.google.keyboard.KeyboardExtension
      8. GO: com.jb.gokeyboard.customkeyboard
      9. Grammarly: com.grammarly.keyboard.extension
      10. TouchPal: com.cootek.smartinput.keyboard
      11. betterkeyboard: com.berzapp.betterkeyboard.NewThemeKeyboard
    • For Android:
      1. Gboard: com.google.android.inputmethod.latin/com.android.inputmethod.latin.LatinIME
      2. Facemoji Keyboard: com.simejikeyboard/com.baidu.simeji.SimejiIME
      3. Tenor GIF Keyboard: com.riffsy.FBMGIFApp/com.tenor.android.ime.latin.LatinIME
      4. GO Keyboard: com.jb.emoji.gokeyboard/com.jb.gokeyboard.GoKeyboard
      5. Chrooma Keyboard: com.gamelounge.chroomakeyboard/org.smc.inputmethod.indic.LatinIME
      6. Fleksy: com.syntellia.fleksy.keyboard/.Fleksy
      7. Classic Keyboard: com.appstech.classic/com.menny.android.iconmekeyboard.SoftKeyboard
      8. Cheetah Keyboard: panda.keyboard.emoji.theme/com.android.inputmethod.latin.LatinIME
      9. SwiftKey Keyboard: com.touchtype.swiftkey/com.touchtype.KeyboardService
  4. Click Build My App
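
Before building, it helps to dry-run the allowlist against the identifiers a discovery app reports. The script below is an added example, not Appdome code: it assumes the iOS wildcard behaves like a case-sensitive shell glob, treats Android entries as exact package/class component names (expanding the `pkg/.Class` short form), and uses constructed sample identifier lists, including a hypothetical `com.example` look-alike.

```python
from fnmatch import fnmatchcase

# Allowlist entries taken from the article.
IOS_PATTERNS = ["*SwiftKeyApp*", "com.syntellia.Fleksy.extension"]
ANDROID_ALLOW = ["com.touchtype.swiftkey/com.touchtype.KeyboardService",
                 "com.syntellia.fleksy.keyboard/.Fleksy"]

# Constructed sample data standing in for a discovery app's output.
IOS_INSTALLED = ["com.swiftkey.SwiftKeyApp.Keyboard",
                 "com.google.keyboard.KeyboardExtension",
                 "com.example.SwiftKeyApp.Keyboard"]  # hypothetical look-alike id
ANDROID_INSTALLED = [
    "com.syntellia.fleksy.keyboard/com.syntellia.fleksy.keyboard.Fleksy",
    "com.touchtype.swiftkey/com.touchtype.KeyboardService",
    "com.simejikeyboard/com.baidu.simeji.SimejiIME"]

def normalize_android(ime_id):
    """Expand the ComponentName short form 'pkg/.Cls' to 'pkg/pkg.Cls'."""
    pkg, sep, cls = ime_id.strip().partition("/")
    if not (sep and pkg and cls):
        raise ValueError(f"expected package/class, got {ime_id!r}")
    return f"{pkg}/{pkg + cls if cls.startswith('.') else cls}"

def android_verdicts(installed, allowlist):
    """Exact match on normalized names (the article mentions wildcards for iOS only)."""
    allow = {normalize_android(a) for a in allowlist}
    return {i: normalize_android(i) in allow for i in installed}

def ios_verdicts(installed, patterns):
    """For each bundle id, list the allowlist patterns that admit it."""
    return {i: [p for p in patterns if fnmatchcase(i, p)] for i in installed}

def unpinned_patterns(patterns):
    """Patterns that start with a wildcard do not pin the vendor prefix."""
    return [p for p in patterns if p[:1] in ("*", "?")]

if __name__ == "__main__":
    for ident, hits in ios_verdicts(IOS_INSTALLED, IOS_PATTERNS).items():
        print("iOS    ", "ALLOW" if hits else "BLOCK", ident, hits)
    for ident, ok in android_verdicts(ANDROID_INSTALLED, ANDROID_ALLOW).items():
        print("Android", "ALLOW" if ok else "BLOCK", ident)
    print("review:", unpinned_patterns(IOS_PATTERNS))
```

A pattern such as `*SwiftKeyApp*` admits every identifier containing that substring, so the full bundle identifier is the tighter entry when version matching is not needed.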

The technology behind Build My App has two major elements – (1) a micro-service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add the requested service to the mobile app in seconds.

Congratulations! When your integration is complete, you will see the notice below. You now have a mobile app fully integrated with keylogging prevention.

What to do After I Build My App?

After you have added keylogging prevention to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

How Do I Learn More?

Jailbreaking was mentioned at the beginning of this article as another way keylogging can happen in mobile apps. To mitigate it, you might want to check out Jailbreak Prevention.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Dany Zatuchna
