Swift Sensitive Data In Keyboard Logging
Description
Detects potential exposure of sensitive data through keyboard logging in iOS/Swift applications. When keyboard autocorrection and prediction features are enabled for sensitive input fields, the entered data may be stored in the device keyboard cache or dictionary, potentially exposing confidential information.
Detection Strategy
• Verifies whether the application uses the UIKit framework in Swift code
• Identifies text input fields or text views that handle sensitive information
• Checks whether autocorrection and related keyboard settings are disabled for sensitive data input
• Reports issues where sensitive input fields have default or unsafe keyboard configurations that could leak data to the keyboard cache
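A minimal sketch of the four steps above, added here as an illustration; it is not Fluid Attacks' implementation. It is a regex heuristic written in Python, and the function name, the sensitive-name keyword list and the Swift sample are assumptions constructed for this example.

```python
import re

# Constructed Swift input for the demo (not taken from a real application).
SAMPLE_SWIFT = '''
import UIKit
class LoginViewController: UIViewController {
    func setupFields() {
        let passwordField = UITextField()
        passwordField.autocorrectionType = .default
        let pinField = UITextField()
        pinField.autocorrectionType = .no
        let tokenView = UITextView()
        let nicknameField = UITextField()
    }
}
'''

# Assumption: a field is "sensitive" if its variable name contains one of these
# keywords. Substring matching over-reports (e.g. "shippingField" contains "pin").
SENSITIVE_HINT = re.compile(r"pass|pwd|pin|secret|token|card|cvv|ssn", re.I)
# `let x = UITextField()` and `var x: UITextView` style declarations.
DECLARATION = re.compile(
    r"\b(?:let|var)\s+(\w+)\s*"
    r"(?::\s*UIText(?:Field|View)\b|=\s*UIText(?:Field|View)\s*\()"
)


def find_keyboard_cache_risks(source):
    """Return (line, field, reason) for sensitive inputs not set to .no."""
    if not re.search(r"^\s*import\s+UIKit\b", source, re.M):
        return []  # step 1: only UIKit code is in scope
    findings = []
    for match in DECLARATION.finditer(source):  # step 2: sensitive text inputs
        name = match.group(1)
        if not SENSITIVE_HINT.search(name):
            continue
        line = source.count("\n", 0, match.start()) + 1
        values = re.findall(  # step 3: every autocorrectionType assignment
            rf"\b{re.escape(name)}\.autocorrectionType\s*=\s*"
            r"(?:UITextAutocorrectionType)?\.(\w+)", source)
        if not values:  # step 4: report default or unsafe configuration
            findings.append((line, name, "autocorrectionType never set"))
        elif values[-1] != "no":
            findings.append((line, name, f"autocorrectionType = .{values[-1]}"))
    return findings


if __name__ == "__main__":
    for line, name, reason in find_keyboard_cache_risks(SAMPLE_SWIFT):
        print(f"line {line}: {name}: {reason}")
```

Line numbers count from the first line of the scanned string, so the blank line that opens the constructed sample is line 1.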
Vulnerable code example
    import UIKit

    class PasswordField: UIViewController {
        func setupPasswordField() {
            let passwordField = UITextField()
            // VULNERABLE: Enabling autocorrection on password field can leak sensitive data
            passwordField.autocorrectionType = .default
        }
    }
Secure code example
    import UIKit

    class PasswordField: UIViewController {
        func setupPasswordField() {
            let passwordField = UITextField()
            // Disable autocorrection for password field to prevent data leakage
            passwordField.autocorrectionType = .no
            // Additional security: hint to the system that this is a password field
            passwordField.textContentType = .password
        }
    }