Just to clear things up, it seems like the bug grants the "Full Access" permission to 3rd party keyboards which allows them to make network requests (phone home) based on what you are typing while you have that specific keyboard opened. It doesn't grant the keyboards full access to anything on your iPhone, which is what the title makes it sound like.
edit: Here is a link to the Apple support article, which is a little clearer: https://support.apple.com/en-us/HT210613
Edit: my bad, this is not true, thanks for correcting. Still, only available for a few languages, so doesn't fully replace Gboard for all situations.
> QuickPath language support: Support for English, Simplified Chinese, Spanish, German, French, Italian, and Portuguese is now included. 
Turns out it's not under Keyboard settings, it's under the language settings for your phone itself.
When I switched to it I felt so liberated from the tyranny of autocorrect mistakes.
Now we find that a much more severe issue with unexpectedly granting third party keyboards Full Access is yet to be fixed. Shouldn’t this issue take higher priority (not implying that the same teams work on all security issues)? This seems like a betrayal of trust. Nobody would expect a third party keyboard to get Full Access and transmit all keystrokes over the network unless they granted that permission.
Is Apple now planning to release iOS 13.1.1 or iOS 13.2 by September 30 with the fix for this and some more fixes for stability?
It seems like the beta testing cycle still going on for iOS 13.0.
Apple has focused on better performance over the last two years and shown good results (older devices don’t slow down as much with newer iOS releases as in the distant past), but stability and security both seem to have taken a hit within Apple’s technical abilities and processes, as is evident from the revelations, from Google’s Project Zero and others, in the last few months or so.
I’m still unclear why the contacts DB isn’t class A data (eg wrapped by a key that is only available when the device is actually unlocked), I assume it’s perf related.
Anyway, feel free to say “accessing contacts from lock screen is a bug”, but for the keyboard stuff you need to compare to the android equivalents, which IIRC are even worse :-/
It probably has to do with the actual phone part of the device. When you receive a call while locked, you can’t show the contact name associated with that number if the contacts are locked behind the lock screen.