When you install SwiftKey, you might have seen a message asking you to enable Allow Full Access so as to use SwiftKey. Apple, on the other hand, warns you that allowing full access will enable the developer to record what you type.
It's enough to get paranoid about information security which explains why a lot of people are talking about, complaining about the ambiguity or the apparent lack of security. I am no expert but from what I’ve read, seen, worked with, here's my “two cents.”
Passwords, Credit-card Info in Forms Still Secure
Even if you have a third-party keypad enabled (and set as default), your iPhone/iPad will switch to Apple’s stock/default keypad when you are entering information into a designated password/credit-card field. If the text-field is designated for sensitive information (like pass), iOS 8 automatically switches to the stock keypad.
I have tried three different scenarios and in all, this works flawlessly.
- Fields within third-party apps: open a third-party app like Dropbox/Twitter and try to Sign in. When you tap on the password field, the keyboard will switch to Apple stock.
- Fields within web forms (tested in Safari, Chrome etc.): any password or credit-card info field in a web form will trigger the Apple stock keypad. Even if you tap on the globe icon (that cycles through all available keypads), you will get only the stock options (if you have multiple stock keypads enabled).
- Obviously, in any stock app (like Calendar, Mail, App Store), which asks for your password, Apple’s stock keypad shows up when you try to enter sensitive data: password, credit card info, etc.
So that leaves us with all other textfields in apps and on the web. What happens then?
Turning on Allow Full Access
In all other input fields, the third-party keypad works. And when Allow Full Access is turned on, just as Apple states, the developer can (and that’s a mighty can) track what's being typed.
If you have the habit of typing out passwords and credit card info (and other sensitive information like PIN) into normal text-fields, there's a possibility that the information can be transmitted to the keypad developer. As much unlikely as it sounds if you consider the credibility and trust factor (all these keypad devs depend on users trusting their products/services), it's equally likely too. Sorry developers: you might be good but if there's a possibility of things going wrong, I apply Murphy's law.
If you happen to look at Fleksy's docs for the full access switch, you'll find what – from the developer's point of view – allowing full access lets the developer do in the real world. This switch is apparently to let all the customization features be available. It will also let the keypads to “understand” your word-usage patterns better. And in some cases, you will be able to add custom words to the dictionary. This is almost true and same for most third-party keypads. Allow Full Access mostly means more customization options (from adding backgrounds to the keypad to letting the keypad know more about what words you frequently use and when).
I've turned on Allow Full Access and mostly don’t think about it. Most keypads work just fine without the feature enabled but when a keypad asks you to enable it to unlock all the features, you should try the keypad without enabling it. If you’re just fine with the experience, then don’t bother to enable Allow Full Access.
And if you want to uninstall a keypad without deleting the app, you can just disable the keypad easily.