Reputation: 39
How to Restrict Third-Party Keyboards in an Android App for Security Reasons?
I am particularly worried about the potential security risks associated with third-party keyboards, like the LokiBoard Keyboard, which can potentially save keystrokes entered into an EditText and compromise user data.
I want to ensure that users cannot use third-party keyboards while interacting with sensitive parts of my app. How can I restrict or block third-party keyboards to prevent them from capturing sensitive input data?
1.Is it possible to restrict or disable third-party keyboards for specific activities or views in an Android application?
2.Are there any best practices or APIs available to prevent third-party keyboards from capturing input in sensitive areas?
3.Can you suggest any other strategies or security measures to protect user input from potential keylogging by third-party keyboards?
Upvotes: -2
Views: 677
Answers (2)
Reputation: 489
The code below works for most of the devices. It has not yet been tested with different phone manufacturers. Reference link reference link
public boolean isUsingCustomInputMethod() {
InputMethodManager imm = (InputMethodManager) ctx.getSystemService(
Context.INPUT_METHOD_SERVICE);
List<InputMethodInfo> mInputMethodProperties =
imm.getEnabledInputMethodList();
final int N = mInputMethodProperties.size();
for (int i = 0; i < N; i++) {
InputMethodInfo imi = mInputMethodProperties.get(i);
if (imi.getId().equals(
Settings.Secure.getString(ctx.getContentResolver(),
Settings.Secure.DEFAULT_INPUT_METHOD))) {
if ((imi.getServiceInfo().applicationInfo.flags &
ApplicationInfo.FLAG_SYSTEM) == 0) {
return true;
}
}
}
return false;
}
Upvotes: 1
Reputation: 93688
Ok, a few things here:
There is no such thing as a 3rd party keyboard, because there is no such things as a first party keyboard. There is no "default Android keyboard". There is a keyboard app that Google wrote called latinIME that is frequently bundled with Android, but its no different than any other keyboard app. And not all phones have that. In particular phones for regions without latin keyboards frequently don't ship it.
Since there is no such thing as a 1st or 3rd party keyboard, there's no way to prevent someone using any keyboard they want to use, unless you're talking about hardware you own and can control what's installed on it. If the user wishes to download a keyboard app, you cannot prevent it, cannot know that they did it, and there is no API to find out what keyboard is being used.
My suggestion is not to worry about it. While a keyboard is a great way to install a keylogger, it's also not the only way and very few people download alternate keyboards. I'd be more worried about random malware from the play store than I would about the keyboard.
Upvotes: 0
Related Questions
- How do I programmatically "restart" an Android app?
- How to manually include external aar package using Gradle for Android
- How to remove application from app listings on Android Developer Console
- How to delete shared preferences data from App in Android
- How to set tint for an image view programmatically in android?
- How can I programmatically open the permission screen for a specific app on Android 6.0 (Marshmallow)?
- How to set default font family for entire Android app
- How to remove all debug logging calls before building the release version of an Android app?
- How to detect when an Android app goes to the background and come back to the foreground
- Ionic Cordova disable third party keyboards on Android