Laughing at Apple for allowing apps unrestricted clipboard access
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
TikTok App to Stop Accessing User Clipboards After Being Caught in the Act by iOS 14
- Thread starter MacRumors
- Start date
- Sort by reaction score
Civilization is a very thin veneer and bubbling away underneath is xenophobic tendencies that can easily metastasize when times are bad. Three-quarters of whites in the US don't have any non-white friends. Just think about that.
[automerge]1593147581[/automerge]
That's exactly what I said.
Last edited:
Great features. I don't use such sneaky apps - I guess... I hope... - but I do copy/paste a lot of my passwords from 1Password... I may have to find another way till iOS 14 T_T
The one legit use I've seen is for package tracking apps like UPS, FedEx, and Deliveries, which can say things like, "it looks like there's a UPS package tracking ID on your clipboard, would you like to track it?", but even that is just a convenience, not really necessary.
Last edited:
Yeah, as much as I hate to say it, maybe this should be yet another pop up to allow apps to read the clipboard. Or maybe just disable it entirely. The only app I can think of that uses this legitimately is Deliveries, which after you’ve copied a tracking number and open the app, senses you have a tracking code in your clipboard and prompts you to create a new delivery based on it and figures out what carrier it is.
If that's the only practical way of achieving data transfer, then that implies that the available APIs are flawed. Is there not a key-value store that apps can use to share data? An app should not be able to snoop into what could well be private information that the end user assumes to be safe. Your app's functionality should not come at the expense of user's data security.
One strategy around this could be for clipboard peeking, e.g. providing an API where applications can check for specific types of data, e.g. URL, 10-digit string, etc., and then having the operating system prompt the user: "AppName would like to copy the tracking ID from your clipboard. Accept/Deny". Limitations could be in place to prevent an app trying checks that were too specific or peeking too frequently. That would provide both something the user can understand while providing security to the clipboard content.
Developer here, we need access cause things like copy paste can mean anything. Your clipboard might be a file, picture or video. Not just simple text. So we have to program how to accept those formats. It’s probably why apple now added the banner aboutthe clipboard. Also to note, there are two types of clipboards. A global one and app specific one. App specific one allows things like erasing after pasting. Kind of like one password.
Then you’re naive.
[automerge]1593149696[/automerge]
Let not blow this thing out of proportion? Do you know what people usually copy to clipboard? Their passwords.
Just because you trust Chrome, it’s fine? Chrome is a major part of the problem. I remember the 1st time I used it years ago and I’m astounded that there were still some parts of it running on my PC even though I explicitly exited the app.
Last edited:
You know, you give privacy-aware people a bad name with that kind of attitude. If you want to prove something, go snoop the traffic coming from the app and see if it includes your pasteboard. Easy to do given the right basic tools, and if they still use plain HTTP like reported before (lol), you don't even need to bother with a spoofed root certificate.
I write apps. Sometimes I avoid laziness but can feel its tug. This is the kind of behavior someone would add out of laziness. This is the same app that didn't even bother with HTTPS, and that's an egregious corner to cut.
Last edited:
They're against the Chinese government, not the Chinese people, and certainly not against people of Chinese origin.
No app on any OS has any business accessing the clipboard, unless the user takes the action to paste to the app. Apple needs to implement security controls that allow the user to control this, like it does with location data.
The dot should have been red though. Like any other cameras recording indicator.
Wow, this is genuinely shocking. I would not have believed all these new security features were necessary without seeing how rampant this kind of behaviour is.
Slow your roll on the racist accusations. No one is blaming Chinese people. It's the Chinese Government that is in the crosshairs.
Like I said, naive.
Just because you’re lazy doesn’t mean everyone is.
And in case you haven’t noticed, they themself said it’s “the feature” for spam protection lol.
Last edited:
Chances are not many, aside from the ones that were given access and are using it when needed depending on functionality.
Ultimately the difference is that microphone and camera access require approval and can be controlled.
Google's seemed to see this issue as well. Google's Android does this by restricting access to clipboard data to input method editors (AKA keyboards). Foreground apps that have focus will also be able to access the clipboard, but background apps won't.
I have a few app on the app store and when I first started I put google analytics in them. It was fascinating seeing which countries and local areas people were using my apps, especially in real time. After about a month the novelty wore off. A few years later when the privacy thing amped up a bit I just stripped it all out. There is no real reason to collect this data especially at the cost of losing customers that may think their data is somehow being sold on.
Oh please. Germany caught US spys with the pants down spying on German companies. Everybody spies on everybody. Don’t be naive.
It's almost like that would be a way better way to spend resources than some new Memoji features. So much for valuing privacy.
