Adversaries may log user keystrokes to intercept credentials or other information from the user as the user types them.
Some methods of keylogging include:
AccessibilityService class, overriding the onAccessibilityEvent method, and listening for the AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED event type. The event object passed into the function will contain the data that the user typed.
*Additional methods of keylogging may be possible if root access is available.
When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.
Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.
On Android, users can view and manage which applications have third-party keyboard access through the device settings in System -> Languages & input -> Virtual keyboard. On iOS, users can view and manage which applications have third-party keyboard access through the device settings in General -> Keyboard.
Application vetting services can look for applications requesting the android.permission.BIND_ACCESSIBILITY_SERVICE permission in a service declaration. On Android, users can view and manage which applications can use accessibility services through the device settings in Accessibility. The exact device settings menu locations may vary between operating system versions.