Compatible with iPad and iPad mini running iOS 7.0 or later, Textastic Code Editor for iPad 5.0 is available now in the App Store as a free update or as a new $8.99 download.
- With iOS 8, TextExpander’s cunning plan is to use a customizable keyboard to fulfill its ambitions to work within any app. Custom shortcuts.
- DETAILS Purchase a subscription to TextExpander.com to get access to all the apps: Chrome, Mac, Windows, iPhone and iPad. 30-day free trial available. OVERVIEW A quick shortcode while typing drops in the necessary “snippets” of language to send to clients and customers. TextExpander keeps your whole team communicating consistently.
- TextExpander for Mac v6.5+ macOS 10.12, 10.11, 10.10 (Sierra, El Capitan, Yosemite) TextExpander for Mac v6.2.8: Windows 8, 10: TextExpander for Windows v2: Chrome v73 or later: TextExpander for Chrome v1: iOS 9 or later: TextExpander for iPhone and iPad v4.
- A few days have passed since the release of TextExpander 5.0, so it’s time to share what we’ve learned from this release. Upgrade Overlay. This is our first paid upgrade to use the new upgrade overlay.
- Download
If your download is not starting, click here.
Thank you for downloading TextExpander from our software library
The version of TextExpander you are about to download is 1.0.5.0. Each download we provide is subject to periodical scanning, but we strongly recommend you to check the package for viruses on your side before running the installation. The contents of the download are original and were not modified in any way. You are about to download a shareware program. It may sharply differ from the full version of the program due to the license type.
TextExpander antivirus report
This download is virus-free.This file was last analysed by Free Download Manager Lib 36 days ago.
KASPERSKY
Email theme. NOD32
AVIRA
WebAdvisor
Often downloaded with
- SwiftText Word ExpanderSwiftText Word Expander is a program that improves typing speed and efficiency..$49DOWNLOAD
- Text To HTML Converter-markdownText to HTML Converter-Markdown converts the plain text to HTML for publishing..$9.95DOWNLOAD
- Instant Text ProInstant Text Pro is an abbreviation expander offering: - Abbreviations that..$189DOWNLOAD
- Dolphin Text Editor MenuDolphin Text Editor Menu expands the functionality of any text editor. It..DOWNLOAD
- Text Express 2 DeluxeWork your way up from simple coal shoveler to powerful railroad tycoon as you..$19.95DOWNLOAD
Synopsis
Suggested snippets in TextExpander 5.0 and 5.1 are stored in plaintext and synchronize to the cloud and other devices in kind. This maybe unexpected given the current wording of the “Privacy Details”section of the help file (below). This may seem harmless, but if notconfigured carefully to exclude certain apps (e.g., Terminal, iTerm 2,Emacs) then TextExpander may unintentionally save passwords you typeas suggested snippets, which then are stored in plain text and willpropagate to the cloud and other devices. I contacted Smilesupport about this, since I thought it must be a bug or an oversightgiven what I read in the documentation. They kindly clarified thebehavior and indicated that they will consider updating thedocumentation or adding an FAQ entry to address these points. Readmore below for additional background, suggested configuration changes,and details on how to remove any such sensitive information that mayhave been stored in Dropbox as a result.
Background and Details
TextExpander from Smile is a Mac (and iOS) applicationthat allows one to define short abbreviations for longer words andphrases. Keepassxc vs keepass. A TextExpander “snippet” consists of an abbreviation,content (the full-text associated with the abbreviation), and rulesabout how and when the abbreviation can be used. TextExpander thenwatches what you type and when an abbreviation is noticed itautomatically replaces the abbreviation with the content, providedthat the rules are satisfied.
This is only a basic description the program. More advanced snippetscan include date and time arithmetic, scripts, fill-in forms withdrop-down menus and optional sections, etc. Because of this,TextExpander is one of a core set of utilities that I install on everyMac I work on (and every iOS device).
Snippet Suggestion
In TextExpander 5.0, released in May 2015, Smile added a new featurecalled “Suggestions” whereby TextExpander will automatically suggestnew snippets based on things you frequently type. This raises obviousprivacy and security concerns, which are addressed as follows in theTextExpander 5.1 documentation:
Privacy Details
TextExpander observes your keystrokes, as well as the contents ofthe pasteboard when you Paste using ⌘V.
TextExpander will track how many times you repeat the same group ofcharacters and create a new suggestion after a certain amount ofrepetition. However, it does not save the tracking of what you typeso the tracking is lost with each TextExpander restart. Therefore,frequent restarting of TextExpander won’t result in manysuggestions. None of what you type is saved by TextExpander exceptfor the snippets listed in the Suggested snippets group.
“Tracking” does not mean TextExpander keeps a list of the actualcharacters you type. Instead, it keeps an encoded record (called a“hash”) of that group of characters, similar to the way a passwordis securely stored so that no one reading it knows what it is. Youmight type “yourpetsname” but what TextExpander sees and records is“1739405847385.”
Source:TextExpander 5.1 Help.
After reading this, I was fully reassured about any potential securityrisks. If TextExpander only keeps an encoded record of what I typeand that record doesn’t persist across restarts, then I assumed itonly kept the information in memory and that nothing would be storedin the cloud.
Insecure Text Input and Snippet Suggestion
There are measures in place to prevent TextExpander from storingpotentially sensitive text, like passwords. However, on my system itstill managed to occasionally suggest a passwords as new snippets.I admit to being slightly terrified every time a notification poppedup to suggest that I add one of my important, paranoia-grade passwordsas a snippet, but at least they weren’t being stored in plain textanywhere, or so I thought.
To understand why TextExpander was able to see my passwords in thefirst place, it helps to know a little more about how text input in amodern OS X application works. Developers can flag certain textfields for secure text input (e.g., password fields that don’t displaywhat you type). The operating system won’t allow TextExpander to seewhat you type in those fields and therefore it could not feasiblysuggest snippets based on that input. Applications such as 1Passwordand Safari (for properly written web forms) have no problem properlyflagging secure text fields.
In other cases, it’s nearly impossible for OS X to know when securetext is being requested. Consider a terminal emulator like Terminalor iTerm 2, or a programmable text editor like Emacs. Theseapplications can run arbitrary, cross-platform code that is notspecifically written for OS X and hence does not flag secure textentry in the way that OS X recognizes. Consider logging in to aremote server via SSH on the command line. When you type yourpassword in the terminal, unless your terminal emulator is in the listof excluded apps, TextExpander will take note that you typed a certainstring, one that happens to be your password. If you do that oftenenough and you have snippet suggestion turned on, then your passwordbecomes a suggested snippet. Therefore, one has to be careful toexclude all applications where passwords and other sensitiveinformation might be entered but not marked as secure text. Primaryexamples are Terminal, iTerm 2, Emacs, and so on.
Suggested Snippet Storage and Synchronization
It turns out that suggestions are stored in plain text in an XML filein the TextExpander settings bundle (a directory called
Settings.textexpandersettings
). The file is namedgroup_<uuid>.xml
, where <uuid>
is a long string of numbers andletters, and is associated with the “Suggested Snippets” group.Furthermore, if you have sync enabled (via Dropbox, iCloud, etc.) thenthese suggestions also sync in plain text. Because I have Dropboxsync enabled, the group_<uuid>.xml
file is stored on Dropbox. As anexample, in the Settings.textexpandersettings
directory in myDropbox account, I found the following entry in an XML file:![Textexpander 5 0 Textexpander 5 0](https://i.ytimg.com/vi/6WdZA0ttYDE/maxresdefault.jpg)
Notice this section in particular:
Indeed, rather than
REDACTED
the value of the plainText
key wasactually one my most important passwords–all 47-characters in full,plain text glory.In retrospect, I should have been much more vigilant in many ways. Ishould have excluded any apps that might result in insecure text beingadded as a snippet. The terminal entry weakness wasn’t obvious to meat first though. It also wasn’t obvious to me that the suggestedsnippets were being synchronized across machines because there tend tobe a large number of suggestions to filter through and, since I typesimilar things on multiple machines, some similarities across machinesare to be expected.
While I still think the documentation on suggested snippets andprivacy is incomplete and potentially misleading, here is a morethorough description of the behavior I received from Smile support: Bettertouchtool 2 422 – customize multi touch trackpad gestures like.
The help text you cited refers to the tracking of keystrokes up tothe point at which a suggestion is made. Once a suggestion is made,yes, it is stored in the settings in plain text. TextExpanderremembers the suggestions it’s found for later, so as to not keepsuggesting them again. The Help text may need clarification, but inessence it is exactly true. The log of all keystrokes (tracking) isdiscarded and only suggestions are kept.
Clean Up and Prevention
If this happened to you as well and you want to clean things up,try the following:
Textexpander 5 0 3
- Disable snippet suggestion in the TextExpander for any apps thatmight not flag all secure text entry by adding them to the list of excluded apps, as discussed above.
- Note the name of the XML file in your settings bundle correspondingto the “Suggested Snippets” group. You’ll need to find this fileon the Dropbox website later. This step can be tricky since Finderhides the contents of the setting bundle by default.One option is to control-click the bundle in finder and click“Show package contents”. Then preview the
group_<uuid>.xml
files until you find the one containing<key>name</key>
followedby<string>Suggested Snippets</string>
.Another option, if you’re comfortable on the command line, is tocd
to theSettings.textexpandersettings
directory andgrep
for'Suggested Snippets'
to find the right file. For example: - Turn off snippet suggestions in the TextExpander preferencesand delete the Suggested Snippets group.
- The previous step should delete the corresponding XML file, butyou’ll also want to remove the Dropbox version history for thefile. On the Dropbox website, navigate to the settings bundle andclick the trashcan icon to show deleted files. Command-click (orright click) the deleted XML file and click “Permanently delete”.
- Optionally, re-enable snippet suggestion.