{ "id": "165270", "key": "TIMOB-24300", "fields": { "issuetype": { "id": "7", "description": "gh.issue.story.desc", "name": "Story", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "17608", "name": "Release 6.1.0", "archived": false, "released": true, "releaseDate": "2017-05-26" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2017-01-28T09:46:33.000+0000", "created": "2017-01-12T00:46:56.000+0000", "priority": { "name": "High", "id": "2" }, "labels": [], "versions": [], "issuelinks": [], "assignee": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "updated": "2017-01-28T09:46:38.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10206", "name": "iOS", "description": "iOS Platform" } ], "description": "A security scan found a possible Information Leakage issue associated with this:\r\n\r\nApple introduces several new IPC (Inter Process Communication)/Extensions since the inception of iOS 8. One of the Extension Points is the ability for users to install \"Custom Keyboards.\" Custom Keyboards can operate in 2 Open Access modes (On and Off).\r\n\r\nThey observed that application allows custom keyboard. The use of custom keyboards can have security implications, if the user allows the custom keyboard to have internet connectivity. If the custom keyboard can connect to the internet, it can send any keystroke to the custom keyboard maker's server, leading to potential data leakage.\r\n{code}\r\n\r\nCan you ensure if is there a way we can ensure this warning won't show up when building the app?", "attachment": [], "flagged": false, "summary": "iOS: Add ability to disallow custom keyboards (Data Leakage) via tiapp.xml", "creator": { "name": "sliang", "key": "sliang", "displayName": "Shuo Liang", "active": true, "timeZone": "Asia/Harbin" }, "subtasks": [], "reporter": { "name": "sliang", "key": "sliang", "displayName": "Shuo Liang", "active": true, "timeZone": "Asia/Harbin" }, "environment": null, "closedSprints": [ { "id": 796, "state": "closed", "name": "2017 Sprint 02 SDK", "startDate": "2017-01-15T00:00:41.845Z", "endDate": "2017-01-29T00:00:00.000Z", "completeDate": "2017-01-30T21:10:44.640Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "404551", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "*PR*: https://github.com/appcelerator/titanium_mobile/pull/8748\r\n\r\n*To test*: \r\n1. Download one of the custom-keyboard apps and install the custom keyboard\r\n2. Create a new Titanium project\r\n3. Paste the following content into the index.js / app.js file:\r\n{code:js}\r\nvar win = Ti.UI.createWindow({\r\n backgroundColor: '#fff'\r\n});\r\n\r\nvar field = Ti.UI.createTextField({\r\n width: 300,\r\n height: 40,\r\n backgroundColor: \"#f0f0f0\"\r\n});\r\n\r\nwin.add(field);\r\nwin.open();\r\n{code}\r\n3. Add {{false}}\r\n4. Run the Titanium app\r\n\r\n*Expected behavior*: The custom keyboard does not show up. Toggle the property to see different behaviors.\r\n\r\nUpdated guide: https://wiki.appcelerator.org/display/guides2/tiapp.xml+and+timodule.xml+Reference#tiapp.xmlandtimodule.xmlReference-allow-custom-keyboards", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-01-12T20:22:49.000+0000", "updated": "2017-01-13T12:44:59.000+0000" }, { "id": "404586", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "[~sliang] This should fit the customers requirements.", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-01-13T12:34:41.000+0000", "updated": "2017-01-13T12:34:41.000+0000" }, { "id": "405400", "author": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "body": "FR passed, using:\r\nMacOS 10.12 (16A323)\r\nStudio 4.8.1.201612050850\r\nTi SDK 6.1.0\r\nAppc NPM 4.2.8\r\nAppc CLI 6.1.0\r\nAlloy 1.9.5\r\nXcode 8.2 (8C38)\r\nCustom keyboards are not allowed when setting the allow-custom-keyboards property to false. They are allowed when the property is true. Tested using the provided test case and modified versions of it", "updateAuthor": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2017-01-26T16:59:58.000+0000", "updated": "2017-01-26T16:59:58.000+0000" }, { "id": "405443", "author": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Verified in SDK 6.1.0.v20170126150653", "updateAuthor": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2017-01-27T00:24:39.000+0000", "updated": "2017-01-27T00:24:39.000+0000" } ], "maxResults": 5, "total": 5, "startAt": 0 } } }