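Today I was chatting with a classmate about the iOS third-party keyboard sandbox. I had always assumed that, as long as Full Access is not enabled, there should be no channel for leaking information.
The official description is: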
Capabilities and restrictions
- Keyboard can perform all the normal duties expected of a basic keyboard
- Access to a common words lexicon for autocorrect and text suggestion
- Access to the text shortcuts list in Settings
- No shared container with containing app
- No access to file system apart from keyboard's own container
- No ability to participate directly or indirectly in iCloud, Game Center, or In-App Purchase
Privacy considerations
- Users know that keystrokes go only to the app that is using the keyboard
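However, I noticed that in Sogou Input Method (搜狗输入法), some keys on the keyboard can launch the app and jump to a specific settings page. I looked it up, and it seems URL Schemes can indeed be used to pass parameters.
So, as long as the keyboard launches the app, is there a possibility that input data gets leaked? And is there any way to log the URL Schemes over a period of time and check them?
I have never done iOS development, so if I have misunderstood any concepts, please correct me!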
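
An added example, not part of the original post: one way to review URL Scheme invocations once they have been captured, by flagging query parameters that carry more than a short settings token. It assumes the URLs were already logged by some means (the post does not say how); the scheme `examplekb`, the parameter names and the length threshold are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Constructed sample input: URLs a keyboard extension might ask the system
# to open. The scheme "examplekb" and all parameter names are hypothetical.
SAMPLE_URLS = [
    "examplekb://settings?page=skins",
    "examplekb://settings?page=dict&tab=2",
    "examplekb://open?ctx=bXkgYmFuayBwaW4gaXMgMTIzNA==",
    "examplekb://open?q=meet%20me%20at%20the%20station%20at%209",
]

# Assumption: routing to a settings page only needs short identifiers.
MAX_PLAIN_LEN = 16


def try_base64(value):
    """Return the decoded text if value is base64 of printable UTF-8, else None."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if decoded.isprintable() else None


def audit_url(url):
    """Return (param, reason, value) findings for one captured URL."""
    findings = []
    query = urlsplit(url).query
    # parse_qsl percent-decodes each value, so encoded spaces become visible.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = try_base64(value)
        if decoded is not None:
            findings.append((name, "base64 text", decoded))
        elif len(value) > MAX_PLAIN_LEN or " " in value:
            findings.append((name, "free text", value))
    return findings


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for name, reason, value in audit_url(url):
            print(f"{url}\n  {name}: {reason}: {value!r}")
```

A parameter that passes this check can still carry data in other encodings, so the findings are a starting point for manual review rather than proof that nothing leaks.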