Report: Hackers Circumvent Apple's App Store Checks to Distribute Malicious Keyboards That Enable Unauthorised Surveillance of iPhone Users.

Protecting Your iPhone: A Guide to Detecting and Removing Malicious Keyboards Designed for Unauthorized Surveillance.

A recent report highlights a security threat for iPhone users: malicious third-party keyboards that sidestep Apple's App Store review can be used for covert surveillance. Rather than being distributed through the App Store, these keyboards reach iPhones through TestFlight, the channel developers use to test pre-release builds of their apps on iOS. Once installed and granted full access, such a keyboard can operate discreetly, collecting sensitive data typed by the user, including messages, passwords, browsing history and bank credentials.

Certo Software, a security firm, classifies these keyboards as 'stalkerware': spyware applications or services designed to monitor and stalk individuals. The hurdle for the people behind them is distribution, since every app published through the App Store is scanned and scrutinised by Apple before release. To get around this, they have reportedly turned to TestFlight as an alternative channel for distributing the spyware-laden keyboards.

Apple's TestFlight service lets developers invite people to test unreleased software or run beta tests before it is published to the App Store. According to Certo Software, the same platform is being used to distribute malicious third-party keyboards, which someone with access to the unlocked phone can then install on an iPhone belonging to an unsuspecting partner, friend or family member.

Once installed, the keyboard needs one more setting enabled on the target's iPhone before it can exfiltrate anything: Allow Full Access, which the stalker switches on at install time under Settings > General > Keyboard > Keyboards > [keyboard name]. By default, a third-party keyboard on iOS runs in a sandbox with no network access. With full access granted, the keyboard extension can talk to its developer's servers and transmit whatever it has captured, including chat messages, notes, browsing history, OTP codes, bank credentials and passwords. One caveat a practitioner should know: iOS does not present custom keyboards in fields marked as secure text entry, so a password typed into a properly marked password field goes through the system keyboard; anything typed into an ordinary text field, including credentials entered in apps or web forms that do not mark the field as secure, is exposed.

A screenshot of one such keyboard shared by Certo Software shows how closely it mimics Apple's default keyboard, making it hard for users to spot on their phone. The stalker then reviews the data captured from the phone through a web portal, according to the firm.

To check for such software, the firm advises opening the Settings app and going to General > Keyboard > Keyboards. You should see the language(s) you type in, for example English (UK), plus Emoji. Any third-party keyboards you have installed, such as SwiftKey or Gboard, also appear here. If a keyboard is listed that you do not recognise, tap Edit to delete it. Deleting it from this list does not remove the app that contains the keyboard extension, so delete that app from the Home Screen or App Library as well. It is also worth tapping each remaining third-party keyboard to confirm whether Allow Full Access is switched on, since a keyboard without full access cannot send what you type anywhere.

Another sign that software has been installed on your phone without your consent is finding the TestFlight app in your App Library or in the Settings app when you never installed it. Opening TestFlight also shows which beta apps have been installed through it, and because TestFlight builds expire after 90 days, a stalker has to reinstall the keyboard periodically, which means repeated access to your phone. Change your device passcode so that only you can unlock it, and seek support from online resources if you suspect you are the target of stalkerware on any of your devices, including your smartphone or computer.