I was looking is there any possibility to force an app to use the Android native keyboard instead of a custom one (ie Swift keyboard).
Thinking in terms of security this could be an interesting topic in order to prevent loose of information through fake or malicious keyboards.
What do you think, any possibility to do that?
Thanks,
Regards,
AFAIK there is no possibility of enforcing the default keyboard, I've also found nothing about this in the OWASP Mobile Security Testing Guide.
I fear this is the reason why some applications provide their own custom keyboard for PIN/Code entry.
Another hint: if you use sensitive text fields you should at least disable auto-correct (and automatic learning of new words) for this field. Otherwise the password could be found in the autocorrect database (which was shared between users on older android versions).
Related
I am developing an Android application (Xamarin Forms) where the user will be entering personal and potentially sensitive information. I would like to prevent the keyboard from "learning" words that the user enters into the application.
I know it is possible for the user to manually delete learned words from their phone (as explained here: https://trendblog.net/delete-learned-words-android-keyboard/ ) but is it possible for an application, or specifically text entries, to tell Android to not learn from entered text?
In Xamarin Forms Entry, try turning off text prediction:
<Entry ... IsTextPredictionEnabled="false" />
I don't know whether that also disables "remembering" what you type. Try it, and leave a comment whether that worked.
If no cross-platform solution is suggested, then you'll need to make a "custom renderer" for Entry, in your .Android project.
There, behavior is controlled by the input type.
Try visible password or maybe no suggestions. (not sure exactly what those are in xamarin, but intellisense will show you the options, at the right place in the custom renderer's code.)
There are apps like Texpand which are able to replace text in any EditText view - even of views which are part of other apps. Looking at the app-info this is happening without any requested permissions. I'm scratching my head how this is done - my (rookie) understanding is that each app resides in its own separated sandbox, so it should not have direct access to other apps views?
I looked for possible global events which could be provided by any central manager, but found nothing. More likely I would expect the replacement to be done passively (that means without the app being aware of the actual EditText), but checking for possible bindings or user dictionaries I found nothing promising either.
Looking at my Android system it seems the app is neither using permissions nor installing a keyboard. Additionally I don't see any entries in my user dictionary. Does anybody have an idea how the described functionality could actually be achieved?
Texpand's Google Play posting indicates that it uses Accessibility Services. Accessibility services are a set of APIs Android offers to help build tools to allow non-standard interactions with apps (such as audio descriptions/voice commands) to expand access to the platform to people with an impairment that might otherwise prevent them from using a touch-screen/smart-phone.
These include the ability to take action on the behalf of a user, such as filling in text fields.
I want to implement the keyboard of google wallet. Anyone know how to do that. The keyboard is on the page. Not the system default keyboard. Thank you Or how can I draw a keyboard?
this Link Android custom numeric keyboard will help you figure this problem
You can easily see how Google implemented the keyboard by downloading the Google Wallet APK (or by rooting your phone and pulling the APK off) and unpacking/decompiling it with your tool of choice (e.g. Procyon, CFR, JD, etc.). I can only speculate, but I think they did this to minimize the possibility of a third-party keyboard app logging the input, and so that they can "shred" the PIN in memory as soon as it has been used.
The keypad is just a bunch of buttons laid out as a table/grid, and the buttons are customized to have the subscript effect (i.e. 2ABC) using SpannableStrings.
After decompiling, you can find what you're interested in by looking at the com.google.android.apps.wallet.pin package, specifically the PinButton class. Also, look at the /res/layout/pin_view.xml layout and its includes (pin_fields.xml and pin_pad.xml).
I want to create a custom keyboard for my application. ie. consider a simple text input and when I click on that, I want a custom keyboard to appear. For ex : a dialler like keyboard, having keys 0-9 and then some custom buttons for my application. Is it possible to do that in android?
Yes, this is possible. There are two ways to approach this:
Create your own input method (keyboard) - here's an example on google of how this can be done: http://developer.android.com/resources/samples/SoftKeyboard/index.html - you'll then need to set this keyboard as an IME in your app.
Create your own view with a bunch of buttons to handle your own stuff. This won't be a "keyboard" in a true android way, but it would do everything you need for your app. I have seen apps that contain their own "keyboards" designed in this way.
In addition, keep in mind that even the basic android keyboard has several "versions" available: alpha, keypad, symbols, etc.
Which way you prefer to go depends on your specific needs, your development abilities and time constraints.
Create your own view with a bunch of buttons to handle your own stuff. This won't be a "keyboard" in a true android way, but it would do everything you need for your app. I have seen apps that contain their own "keyboards" designed in this way.
In addition, keep in mind that even the basic android keyboard has several "versions" available: alpha, keypad, symbols, etc.
Which way you prefer to go depends on your specific needs, your development abilities and time constraints.
I was wondering if it is possible to intercept keyboard input on a global level on Android. For example a user types in text into an edittext (does not matter which application) I would like to access said text to check for certain words. Is this even possible with Android's security model (yes I am aware this kind of feature could be used for various wrong things too).
Thanks,
b3n
Not possible. Thst's a security hole. You're welcome to modify the android firmware though