Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,979
34,771


reddit-ios-app-200x200.jpg
The Reddit app has become the latest iOS app to be caught clipboard snooping, or accessing the contents of devices' clipboards without user permission.

"We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL," a Reddit spokesperson told The Verge. "We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th."

Several popular third-party apps have been called out for surreptitiously copying the clipboard, thanks to a feature in iOS 14 beta that alerts users when apps attempt to do so. Apps that have been caught reading user clipboards for no discernible reason include LinkedIn, TikTok, Twitter, Starbucks, Overstock, and more.

LinkedIn said the clipboard copying behavior of its app is a bug and a fix is in the works. TikTok claimed the clipboard access was used as fraud detection to identify "repetitive, spammy behavior," and subsequently released an iOS update to remove it.


Ahead of the release of ‌iOS 14‌ beta, two developers issued a report alerting users that ‌iPhone‌ and iPad apps were accessing clipboard content behind the scenes. Apple's new ‌iOS 14‌ feature was added in response, and there's no longer a way for apps to quietly read the clipboard without users being alerted to the fact.

Until iOS 14 is released to the public, users who are concerned about clipboard snooping are advised to overwrite their clipboard's contents after they've used it to paste sensitive information like passwords, credit cards, bank account information, crypto keys, and so on. This can be done simply by highlighting a word on any web page or in any app and selecting "Copy" in the pop-up menu.


Article Link: Reddit to Release Fix for iOS App to Remove Clipboard Copying Behavior
 
Last edited:
  • Like
Reactions: Jimmy James
Love how they all call it a „bug“ when it’s probably been there since it was launched in the App Store

It could very well be a bug. Some of my own Mac apps started saying they wanted to read keystrokes from every single application.. my apps have not business nor care what you type into another app. Turned out to be a small fix.
 
Until iOS 14 is released to the public, users who are concerned about clipboard snooping are advised to overwrite their clipboard's contents after they've use it to paste sensitive information like passwords, credit cards, bank account information, crypto keys, and so on. This can be done simply by highlighting a word on any web page or in any app and selecting "Copy" in the pop-up menu.

That only helps if you only have an iPhone. If you have a Mac and “continuity” (universal clipboard) then it would be a good idea also to turn it off. Otherwise an app may snoop of the contents of the Mac clipboard
 
People keep saying things like "I can't see any reason to allow apps to have clipboard access". Well, you need to think harder then.

Apples own apps do things such as reading SMS messages from Apple, to get 2FA codes for logging in, so you don't need to copy and paste that data. Other apps don't have as deep linking capabilities that Apples ones do, but in an attempt to recreate it, they have used clipboards. I have a parcel tracking app - if I copy a tracking number from an email and then open Parcel, it auto-fills the details with the tracking number from the clipboard. So there's one use for it, on one app I have. How many others are doing cool things?

Also I do buy the Tik-Tok anti-spam excuse. Twitter, Facebook and other such apps are absolutely filled the brim with bot. By detecting keystrokes you can work out if it's a bot of a person typing. Bots probably don't type letter by letter - a person does. A person types at inconsistent pacing, whilst a bot would be perfect. A person would use the backspace key for mistakes, etc etc. It's comparing what the person is typing to the clipboard to try and work out if it's a person, and if it's a person, are they just pasting spam messages in constantly.

Don't get me wrong - I'm not saying apps should all have this access to the clipboard. But with just a tiny bit of thought, it's quite easy to see how and why apps are doing this. But the practice should stop and move onto better ways of doing things.
 
‘after they've used it to paste sensitive information like passwords, credit cards, bank account information, crypto keys, and so on.‘ or just don’t do the action, so they can’t be clipboarded. As with a lot of things it’s a convenience factor.
 
People keep saying things like "I can't see any reason to allow apps to have clipboard access". Well, you need to think harder then.

Apples own apps do things such as reading SMS messages from Apple, to get 2FA codes for logging in, so you don't need to copy and paste that data. Other apps don't have as deep linking capabilities that Apples ones do, but in an attempt to recreate it, they have used clipboards. I have a parcel tracking app - if I copy a tracking number from an email and then open Parcel, it auto-fills the details with the tracking number from the clipboard. So there's one use for it, on one app I have. How many others are doing cool things?

Also I do buy the Tik-Tok anti-spam excuse. Twitter, Facebook and other such apps are absolutely filled the brim with bot. By detecting keystrokes you can work out if it's a bot of a person typing. Bots probably don't type letter by letter - a person does. A person types at inconsistent pacing, whilst a bot would be perfect. A person would use the backspace key for mistakes, etc etc. It's comparing what the person is typing to the clipboard to try and work out if it's a person, and if it's a person, are they just pasting spam messages in constantly.

Don't get me wrong - I'm not saying apps should all have this access to the clipboard. But with just a tiny bit of thought, it's quite easy to see how and why apps are doing this. But the practice should stop and move onto better ways of doing things.

Well said, it’s probably all a lot less malicious than it seems. It could even be that there are some negative consequences in terms of app experience due to the hysteria.
 
That's some impressive bug-work going on there. They've managed to accidentally type all this code to constantly check the clipboard's contents without meaning to.

Swift:
NotificationCenter.default.addObserver(self, selector: #selector(pasteboardUpdated), name: UIPasteboard.changedNotification, object: nil)

@objc func pasteboardUpdated(){
   if let stolenData = UIPasteboard.general.string {
       //Insert code here to steal clipboard contents...
   }
}
 
It doesn't bother me if the app reads the clipboard so long as it just does so for processing local to the app. If it sends the contents outside the app then I have an issue. iOS 14 not only doesn't differentiate between the two (maybe it can't) but it doesn't even allow you to stop the activity; it just tells you its happening.
 
Let's call this what it actually is. It's a key logger the way they're capturing the contents of a clipboard which can often house very sensitive information like passwords.

I really don't see a practical use case for this behaviour and the fact that Apple never mentioned this new feature coming to iOS 14 and how it's exposed all of these apps is just perfect... 🤣
 
I'm no iOS coder, though many moons ago I used to dabble in various forms of basic from the early 8-bit days, thru to visual basic with GUI on the PC's

Can someone explain to me what's happening here.
I mean, from my viewpoint, you can't accidentally program something to keep copying what's in the clipboard.
Code does not write itself, you have to work hard to get anything to work correctly when coding a program.

Or, is this not actually as suspect as it seems, and due to Apple's coding platforms, libraries and such like, doing one thing you want to, can actually cause things like clipboard data copying to simply happen as it's just part of some pre-build routine or library you used, and it was just happening without you, as a coder realizing or wanting it to happen?
 
The check itself sounds perhaps reasonable, but only once when first start entry, not during every keystroke.
 
Well said, it’s probably all a lot less malicious than it seems. It could even be that there are some negative consequences in terms of app experience due to the hysteria.

This needs to become a permission "App XYZ wants to monitor your clipboard" so that we can make a choice which apps to trust with our clipboards, and which not. This has been raised on the Apple forums, Reddit etc for eons.

Frankly this should have been done like a decade ago.
 
Last edited:
Still waiting for Microsoft to sort Teams out, as it checks with every keystroke.....
 
How does this affect Password apps? Does this pose a security risk?

Doesn't 1Password copy the password to the clipboard before filling in the login fields?



reddit-ios-app-200x200.jpg
The Reddit app has become the latest iOS app to be caught clipboard snooping, or accessing the contents of devices' clipboards without user permission.

"We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL," a Reddit spokesperson told The Verge. "We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th."

Several popular third-party apps have been called out for surreptitiously copying the clipboard, thanks to a feature in iOS 14 beta that alerts users when apps attempt to do so. Apps that have been caught reading user clipboards for no discernible reason include LinkedIn, TikTok, Twitter, Starbucks, Overstock, and more.

LinkedIn said the clipboard copying behavior of its app is a bug and a fix is in the works. TikTok claimed the clipboard access was used as fraud detection to identify "repetitive, spammy behavior," and subsequently released an iOS update to remove it.


Ahead of the release of ‌iOS 14‌ beta, two developers issued a report alerting users that ‌iPhone‌ and iPad apps were accessing clipboard content behind the scenes. Apple's new ‌iOS 14‌ feature was added in response, and there's no longer a way for apps to quietly read the clipboard without users being alerted to the fact.

Until iOS 14 is released to the public, users who are concerned about clipboard snooping are advised to overwrite their clipboard's contents after they've used it to paste sensitive information like passwords, credit cards, bank account information, crypto keys, and so on. This can be done simply by highlighting a word on any web page or in any app and selecting "Copy" in the pop-up menu.


Article Link: Reddit to Release Fix for iOS App to Remove Clipboard Copying Behavior
 
This needs to become a permission "App XYZ wants to monitor yorr clipboard" so that we can make a choice wwhich apps to trust with our clipboards, and which not. This has been raised on the Apple forums, Reddit etc for eons.

Frankly this should have been done like a decade ago.

But if you accept there's a legitimate requirement for this functionality (or else why does "privacy-centric" Apple even allow it?) and combine that with the general knee-jerk reaction of many users on here, supposedly the more tech-savvy of iOS users, isn't there a danger that people are just going to disallow this because they can't perceive any need, then moan that App XYZ doesn't work properly? If Apple are going to start introducing permission prompts like this, they need to allow the developer to include an explanation in the prompt as to why their app needs it to allow informed decisions to be made by the user.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.