Adding either of those entitlements to a keyboard app should require extremely scary dialogs. Needs to be possible - perhaps you want your password manager with sync to be part of the keyboard app - but it's clearly a huge risk.
You don't need the keyboard application to be able to communicate externally for that. You could have a separate, optional, downloader/installer. That's better for security all around.
https://developer.apple.com/documentation/uikit/keyboards_an...
The question is do you actually trust regular users to understand what’s going on when they’re asked for permission to grant an app the ability to do something sketchy?
That narrows the gap significantly - to users who can't understand the issues, but can (even with the app providing an explanation) find reasonably well-hidden settings.
It doesn't matter if it's behind a footnote, an easter egg, a password input, a magic email code, a call with the main project developer, all of the above, etc. No matter how many steps you try to add, there are still an incredible number of idiots who will mindlessly tap through literally any number of dialogs, warnings, and disclaimers to get to what they want.
Their brain will entirely filter out the path they took. They will probably not even remember a single one of those intermediate steps. The only thing they care about is that they're fixing some problem.
This could be one of the reasons Apple and Google don't want you jailbreaking/rooting your devices. Someone will inevitably make a guide, and millions of idiots will follow it. It will legitimately make the device less secure for them because they won't have any idea what they are doing and likely won't even remember doing it. The only thing they care about is that they're fixing some problem.
This is one reason why some people get so panicked and upset when anything on their computer changes unexpectedly, even if the change is actually harmless. They never actually understood anything. They had managed to accidentally get it how they want it through a combination of stuff that they don't remember. When anything changes, they have to go through that process again.
Look, these people are great at following guides and learning routines. Repetitive, mindless tasks like data entry are perfect for them, because they have no other talent to worry about wasting. But because these people exist, you have to be really careful about what settings you add, no matter how well you think it is hidden, because they will be changed by people who don't know what they're doing.
So far, the devs that have told me this have done so because I asked for some setting to turn off some safeguards, and they said that it's a near-universal request from power users, but they still can't do it, because the rest of their userbase is too clueless to be trusted with that setting. They'd receive bug reports from people who have no clue what went wrong, when the reality is that they disabled the safeguards in order to make something work, and then promptly forgot what happened once it worked the way they wanted. This has supposedly happened so many times in the past that they just don't take the risk anymore.
Anyway, all this is to say that while hiding a setting, as opposed to automatically prompting for it, can definitely rule out a decent chunk of idiots, you will never be able to rule out the resourceful idiots that can mindlessly follow instructions.
