Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal device usage, users often provide credentials to various locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Keylogging) or rely on deceiving the user into providing input into what they believe to be a genuine application prompt (e.g. GUI Input Capture).
When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user. An EMM/MDM can use the Android
|M1006||Use Recent OS Version||
Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.
Application vetting services can look for applications requesting the permissions granting access to accessibility services or application overlay. Users can view and manage installed third-party keyboards.