There's an application that can record every keystroke you've ever typed on your smartphone, even an iPhone. It's not a sinister Trojan, or an evil keylogger. It's simply the database that the phone draws on to supply AutoComplete results. You can't dig in and see the keystrokes yourself, but at the RSA Conference security vendor StrikeForce Technologies demonstrated that external software can read back that database and thus read out every text or email you've sent and, more important, every password you've typed.
StrikeForce makes the GuardedID anti-keylogger tool for PCs. At the conference they're announcing MobileTrust, a similar solution for all Apple and Android mobile devices. As with GuardedID, MobileTrust encrypts communication between the keyboard and your sensitive applications. No keystrokes go into the AutoComplete database, so your secrets are safe.