That is why I try to use as many Apple apps as possible. And everything else done within the browser.

There's also a bit of irony in the fact that this serves to increase the exposure of users who prefer to use 3rd party apps, because of the kludges needed to redirect pointers away from Apple's apps, because it won't allow user-defined app defaults.

Don't want to open a mailto: or URL in Mail or Safari? It needs to be clipped and pasted into the app you do want to use to handle it.
 
Sounds very bad.
What do they do with it? Sell it?

Snooping enough pasteboard data can profile and reveal an anonymous person and their relations to other people which can then be sold to interested parties such as private investigators, people search databases, marketers, scammers, etc.
 
"I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS."

Yet, the article clearly indicated that the clipboard is accessible to apps on the Mac, too!

As to those saying this isn't anything new, it certainly seems to be. There's a huge difference between a Universal Clipboard that is resident on the device -- which we've used for years and from which one manually pastes the content of into a text field when one desires vs. one that is available to be read by *any* app on the device.

The difference is manual pasting by user intervention vs. apps being able to read -- on their own -- and, then, transmit -- without the user's knowledge -- whatever's there.

Apple needs to turn off *all* apps' access to the clipboard -- in the sense of permitting them to read from it. Pasting into a text field, if the user decides to do that, is the only thing that should be allowed.

And, I agree with another commenter -- even if the iOS SDKs use the term "pasteboard", it has been the *clipboard* from the earliest days of the Mac -- and what most users grew up with or learned it was called!

That also makes more sense as it's where a *clipping* is stored. A pasteboard has a different definition entirely: "a type of thin board made by pasting together sheets of paper" (from NOAD on all Macs and i-devices).
 
good info and advice from @cynics in this MacRumors thread:

 
I haven't used Uber in over two years, as I tend to use Lyft. I was talking about Uber for maybe 4-5 minutes recently and mentioned it several times while my phone was in my pocket. I got a notification at the tail end of the conversation, which was a notification from my Uber app, which wasn't open, hadn't been opened in years. Try it sometime. Talk about an app or a product for a few minutes or mention it throughout your day, you will be amazed at what starts to pop up.

I realize Apple can't read source code for every app, but they know about some of this stuff. There should be brutal consequences for software developers that do this - as in, banned from the App Store forever.
 
This vulnerability should be more reason to be wary of password managers since it's not clear what they're doing under the surface and if they use the vulnerable pasteboard to autofill.
 
I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS. Android apps are at another level of badness.)

Why?

Pretty sure you don’t know what you’re talking about here w.r.t. 3rd party libraries/frameworks. As for cheap? Are you one of those people who complains when a dev wants to charge you a subscription for software? Or charges you more than 99 cents for an app plus upgrades in perpetuity?

right.
 
Maybe it's just me, but I have definitely decreased my use of free apps in the last couple of months. I just don’t trust some of them. If apps have a transparent business model, the risk is low that they invade my privacy.
 
Don’t use any of those apps. TikTok is a known app to be aware of and is cool if you’re in high school I suppose. A shame these companies see fit to access data unauthorized.

Can people avoid using apps like Google Maps? When you copy an address and go to G Maps search bar, it’ll auto fill what’s in your clip board as the first recommendation.

I’m not too concerned about this as clipboard data itself is often fragmented and has no useful contexts. But I do agree Apple should implement consent control of this just like they do for location data.
 
This has been the case in the Google app. Copy a line of text and then open their app to perform a search. It will suggest searching for the text that you copied earlier.
Even some of Apple's own apps do this. Xcode (a MacOS app); when you open the find/replace feature, it populates it with whatever text is in the clipboard.
Unfortunately windows works the same way.
Because that's how clipboards are meant to work. You wouldn't be able to cut and paste from one app to another if they didn't.
 
I think the bigger issue is handoff pasteboard where you copy something on a computer and then an app snoops and reads what's in your pasteboard. As a developer I often copy bits of code, environment keys and often fairly private data. Then when you launch apps like PUBG Mobile, you can see a screen like this pretty often. Glad this is finally getting some attention.

I think there should be a confirmation screen if I wanna paste something from a handoff device. And/or we should be able to disable access to clipboard for some abusive apps.
 

Attachments

  • EE5SeEMUcAA-s_a.jpg
Are the password apps using the pasteboard for delivering some passwords? Then, this could be a high risk for those using the password apps like 1Password and LastPass.

1P clears the clipboard after 90 seconds provided it is still running (ie it hasn’t been manually closed or ejected from memory by iOS).

It doesn’t copy anything to the clipboard if you’re using iOS’ password entry function.
 
This is not new, but it can have serious consequences.

You don't know what the app will do with your data. It may naturally be transmitted to their servers (for example, querying an API to parse that pasteboard context as an address). There, your data makes its way to the logs. Which live... potentially forever. And this may be even accessible to more people than your ordinary stored online data. Probably rather unencrypted.

This makes your passwords, usernames, encryption stuff, API keys, tokens, source code, private letters, email addresses, basically *anything* potentially available to an unknown audience.
 
I personally like the Universal Clipboard for its convenience. That said, I don’t think it’d be a bad idea to have an API or app signature where a developer could flag that data being copied is likely to be sensitive, and then have the OS prompt when that data is accessed either in the background by another app or when the user pastes into a different app. Password managers and financial apps would be two categories where I feel anything copied could be served by having a confirmation before that data can be retrieved.

Obviously that wouldn’t catch all scenarios like note taking apps or browsers, but it could help with some especially high risk examples. I’d also prefer an API approach to asking users to maintain two clipboards or anything like that manually or requiring all copy and paste tasks to require authorisation, which would be annoying.
 
Make it a permission-based thing the first time each app asks for it. As mentioned above there are cases where it's helpful, the Paprika app is an example.
 
Non-focus app restriction prevents abuse.
As soon as some app on Android comes into focus (for example when you open TikTok) - it can access the Clipboard. This is still open to abuse, just less discreet about it.
But widgets on both iOS and Android are a special case, indeed.
 
This feels like a non-story.

I know several applications, specifically 3rd party social media clients, will check your pasteboard to see if you have a link to a tweet/reddit thread/etc and ask if you want to open it.

There should probably be a specific permission request for this, but to pretend all of these companies are being nefarious is disingenuous.
 
re original article
sounds creepy man
another weapon in analytics arsenal being the new big brother
not cool
 
I would like to see an option in the iOS settings to clear the pasteboard on a regular basis. If I copy something in one app and paste it in another app I don’t need that content anymore, so having it cleared for example every 30 seconds would be no problem for me.

1Password will check the clipboard contents before you copy a password to the clipboard and then copy the password -- but after a period of time it will restore the previous clipboard contents if the password is still in the clipboard.

1. Get clipboard contents....
2. Place password "ABC#123" in clipboard
3. Set timer...
4. Timer goes off
5. Check clipboard contents
6. If clipboard contents are still "ABC#123" then restore previous clipboard contents
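
The save-and-restore sequence listed in the post above, sketched for iOS as an added example (it is not part of the original post and is not 1Password's code). Assumptions: the class name `TemporaryClipboard` is hypothetical, `copy` is called on the main thread, and "still our password" is detected with `UIPasteboard.changeCount` instead of comparing the contents; the item is also marked local-only with a system expiry slightly after the timer, as a backstop for the case mentioned earlier in the thread where the app is no longer running when the timer would fire.

```swift
import UIKit

/// Hypothetical helper for this example: copies a secret, then puts the
/// previous clipboard contents back unless the user has copied something else.
final class TemporaryClipboard {
    private let pasteboard = UIPasteboard.general
    private var savedItems: [[String: Any]] = []
    private var changeCountAfterCopy = -1
    private var timer: Timer?

    /// Steps 1-3: remember current contents, place the secret, start the timer.
    func copy(secret: String, restoreAfter seconds: TimeInterval = 90) {
        timer?.invalidate()

        // Step 1: get the current clipboard contents.
        savedItems = pasteboard.items

        // Step 2: place the secret. localOnly keeps it off other devices
        // (Universal Clipboard / Handoff); expirationDate lets the system
        // drop it even if this app has been suspended or killed.
        pasteboard.setItems(
            [["public.utf8-plain-text": secret]],
            options: [
                .localOnly: true,
                .expirationDate: Date().addingTimeInterval(seconds + 5)
            ])
        changeCountAfterCopy = pasteboard.changeCount

        // Step 3: set the timer (step 4 is the closure firing).
        timer = Timer.scheduledTimer(withTimeInterval: seconds,
                                     repeats: false) { [weak self] _ in
            self?.restoreIfUnchanged()
        }
    }

    /// Steps 5-6: restore only if nothing has been copied since our write.
    private func restoreIfUnchanged() {
        defer { savedItems = [] }   // do not keep old clipboard data around
        guard pasteboard.changeCount == changeCountAfterCopy else {
            return                  // user copied something newer; leave it
        }
        // An empty savedItems array simply clears the clipboard.
        pasteboard.items = savedItems
    }
}
```

None of this limits what another app can read while the secret is on the clipboard; it only shortens how long it stays there.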
 