Actually they shouldn't unless they are storing it in Plain text somewhere.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 15 Includes Secure Paste Feature That Hides the Clipboard From Developers
- Thread starter MacRumors
- Start date
- Sort by reaction score
Some apps have a valid reason to access the clipboard programmatically. I’m thinking of Parcel, which uses it to pre-fill the parcel ID.
I don’t see what problem this new feature solves. The banner already stopped sneaky access.
Anyone make sense of this? I read this as 'after' an app has accessed the clipboard....? I find the wording confusing or am I missing something? When/how does it allow you to Prevent the access? Sys prefs?
Either way, allowing all apps to see the contents of the clipboard is unforgivable. It shows a lack of understanding of basic security engineering principles.
Glad to see I'm not the only one confused. Per this moment: is there a way to prevent, via some toggle, apps from viewing your clip/paste actions? Period?
To clarify what’s happening as far as I understand it:
1. In the old days before iOS 14 the clipboard api was completely open. Once an app ran it could read what was on the clipboard using some “read clipboard” api. Users could not see this happening it at all.
2. After some malicious use cases where detected, Apple made a simple change with iOS 14 where it would show a banner to the user whenever an app calls the “read clipboard” api. That was all, apps could still read the clipboard if they wanted, it simply started to become noticeable.
3. Now with iOS 15 Apple is adding a new alternative clipboard api. This new api means apps can’t read the clipboard when they want but only after a user clicks on “paste”. This is actually what is done in modern browsers with the javascript clipboard api. It requires an active user interaction where the user knowingly says “yes, I want to paste this into the app”. Afterwards the app has that piece of content. But it prevents it from reading it without user interaction. It seems this is opt-in for apps, as probably Apple can’t change the behavior of the existing clipboard api to be more restrictive without breaking too many (good) apps out there.
For a user that means to treat that banner as a warning of something bad happening. “Good” apps should be switching to the new api going forward, so that user interaction is always required and that banner never pops up. Also wouldn’t be surprised if Apple might disable the old api entirely in a few years.
1. In the old days before iOS 14 the clipboard api was completely open. Once an app ran it could read what was on the clipboard using some “read clipboard” api. Users could not see this happening it at all.
2. After some malicious use cases where detected, Apple made a simple change with iOS 14 where it would show a banner to the user whenever an app calls the “read clipboard” api. That was all, apps could still read the clipboard if they wanted, it simply started to become noticeable.
3. Now with iOS 15 Apple is adding a new alternative clipboard api. This new api means apps can’t read the clipboard when they want but only after a user clicks on “paste”. This is actually what is done in modern browsers with the javascript clipboard api. It requires an active user interaction where the user knowingly says “yes, I want to paste this into the app”. Afterwards the app has that piece of content. But it prevents it from reading it without user interaction. It seems this is opt-in for apps, as probably Apple can’t change the behavior of the existing clipboard api to be more restrictive without breaking too many (good) apps out there.
For a user that means to treat that banner as a warning of something bad happening. “Good” apps should be switching to the new api going forward, so that user interaction is always required and that banner never pops up. Also wouldn’t be surprised if Apple might disable the old api entirely in a few years.
Sooo....slowly beginning to understand. But will it do this BEFORE you copy/paste or after? After doesn't seem to make much sense to me...
The banner didn't stop sneaky access. It just notified you when it occurred. The new Secure Paste API actually stops sneaky access.
Thank you! Police telling you your backdoor is open as he drives by.....when you're downtown! Horrible Apple!
Yes indeed. When the horror of copy/paste operations emerged some time ago (everybody does it, not just Apple), there was a lot of discussion here about it. And I distinctly recall arguing at the time that the best way that copied data should be made available to an app is if a user directly initiates a paste command into the recipient app.
Sounds like a great move forward.
It’s not sneaky if it pops up telling you it’s happened. It might be unwanted, but it’s not sneaky. Fair enough though, I suppose it makes sense to stop unwanted access (of course that will only happen if they make this the only way to access the clipboard).
Usability. You had a URL in the clipboard, a reddit app would ask you whether to switch to the post in the URL.
i thought i was crazy. I kept rereading it and, yeah, still don't know what it means 🤷🏽♂️
I just ran into that with the Amazon fire stick remote app. So many passwords to type and it wouldn’t let me paste the damned things.
It simply means that, when this feature is used, if the app reads the clipboard it can’t see the contents - the user has to actually paste the contents (i.e. by using “paste” from the little menu popular) for the receiving app to actually see the clipboard contents.
For ordinary clipboard contents, any app can just read it, even if the user hasn’t taken an action to allow it.
Toggle: I assume you mean a toggle per app? Maybe that‘s not possible for some reason due to the way the existing api works, or Apple thinks such a config would be overkill - especially if they have a plan to instead move this to an interaction based approach now.
Prompt: I assume this wouldn‘t work as the existing api to read the clipboard can‘t block to show a prompt, since it was never designed for that.
Was there a connection I missed? Bummer about the ignored bugs, but I was just into a hypothetical pondering. I think the attention that Apple draws to privacy these days is great (even if it’s just for building image…), but one can wonder how less messy the (digital) world would be today if Apple had those same privacy standards back when they were planning to make the first iPhone. I don’t know if they’re bringing too little, but it’s definitely too late…
How do you give that permission ? As far I can see there is nothing stopping you from reading the UIPasteboard current values on iOS 15 - its just that the banner continues to show just like in iOS 14. So that contradicts "developers can let users paste from a different app without having access to what was copied until the user takes action to paste it into their app" AFAIK.
Also the new APIs for detecting patterns have changed semantics but functionality is the same as iOS 14