Third-Party Keyboard Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-STORAGE-2, MASVS-PLATFORM-3 |
Overview
Third-Party Keyboard Detection identifies when the user may be entering text through a keyboard or input method outside the trusted system keyboard path. Third-party keyboards are often legitimate and valuable, but they can also observe sensitive input, introduce supply-chain risk, or violate data-handling requirements in regulated environments.
When third-party keyboard risk is detected, AppTego applies your configured response.
When To Use It
Use this control for:
- Login, MFA, password reset, recovery answer, and payment fields.
- Healthcare, identity, government, financial, enterprise, or regulated data entry.
- Apps with strict data residency or input-path control requirements.
- Risk scoring where keyboard posture should influence session trust.
How It Works
The protected app evaluates platform keyboard state and input-method posture to determine whether a non-system keyboard is active or available in a sensitive context. AppTego does not publish exact APIs, package identifiers, bundle identifiers, monitoring cadence, or matching rules in public documentation.
On Android, optional protection behavior can guide the user back to a trusted keyboard before they continue.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Screen And Input Detection section. Under this section you will find the Third-Party Keyboard Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"ThirdPartyKeyboardDetectionResponse": {
"detection": true,
"protection": false,
"action": "alert",
"title": "Third-Party Keyboard Detected",
"message": "For your security, please switch to the system keyboard before continuing.",
"buttons": ["Switch Keyboard"],
"actions": ["open_keyboard_settings"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables third-party keyboard detection. |
protection | Enables supported protective behavior where available. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Many users rely on third-party keyboards for accessibility, multilingual input, or productivity. Use logging first unless your risk model requires hard enforcement.
- Some device manufacturers ship keyboards that behave differently from platform defaults. Test your expected device population.
- Combine this with Keyboard Cache Prevention and Clipboard Protection for stronger input privacy.