"Allow Full Access" has nothing to do with using the actual keyboard. The keyboard is accessible for you to use throughout the system regardless of this setting. In short, allowing full access grants the developer of the keyboard additional access to some of your information and gives the developer access to the internet. From the technical specifications under "Designing for User Trust", Allow Full Access does this:
- Keyboard can access Location Services and Address Book, with user permission
- Keyboard can send keystrokes and other input events for server-side processing
- Containing app can provide editing interface for keyboard’s custom autocorrect lexicon
- Keyboard can employ iCloud to ensure settings and autocorrect lexicon are up to date on all devices
- Keyboard can participate in Game Center and In-App Purchase
The second bullet point is what Apple really wants you to understand. With Allow Full Access a developer COULD send your keystrokes to their server for processing, which might include:
- analyzing your sentence for grammar
- analyzing a word for spelling
- predicting the word you are typing.
Apple is highlighting the fact that a developer COULD use your keystrokes for nefarious reasons instead of the legitimate reasons I listed above. It is possible for a developer to record your sensitive information such as credit card number or street address.
In my opinion, it is not possible for a developer to write a fully-fledged keyboard extension without requesting full access. Without Full Access I can't utilize In-App Purchases, I can't sync your preferences using iCloud, I cannot even provide a basic auto-correct feature.
I just finished developing a keyboard extension for iOS. My keyboard never sends your keystrokes across the internet. I will never see what you have typed. There are no privacy concerns in my opinion, yet you still receive a scary message from Apple when you turn on Allow Full Access. If you have concerns about turning Allow Full Access ON, ask the developer how they are using your data/keystrokes.
One additional note, you cannot use a custom keyboard to type into a password field. iOS will always use the system keyboard for password fields. Developers that do process your keystrokes will not have access to your passwords, unless you type your passwords into a non-password field.
Best Answer
The 3rd party keyboard app are restricted to access data entered only using the app and not be iOS built-in keyboard.
The apps are sandboxed and have access only to what’s typed using the keyboard. It cannot read what’s entered using either the system keyboard or other third party keyboards.