Over the past few weeks, you’ve likely seen a lot of stories, on MobileSyrup and elsewhere, about apps that access the iOS clipboard. Some people are probably wondering what the big deal is. After all, apps access your clipboard to copy and paste, a tool many of us use regularly.

Unfortunately, not all apps use the clipboard as they should. Much of the recent iOS clipboard coverage points to two things: iOS 14 and app developer Mysk. In February 2020, Germany-based developer Tommy Mysk and Toronto-based developer Talal Haj Bakry shared a blog post explaining how iOS and iPadOS apps have unlimited access to the clipboard.

The pair highlighted how this access could lead to security risks, such as exposing the exact location of users. For example, if someone copied a photo they took to their iPhone’s clipboard, any app that accessed the clipboard could get the photo and the GPS coordinates recorded when the photo was taken.

Also, depending on how people use their smartphones, other essential data such as passwords, addresses or other information copied to the clipboard can be scraped by apps without the user’s consent.

The blog post includes a disclaimer that Mysk submitted the details to Apple in January, but the company told the developers it didn’t see a problem with the vulnerability.

However, with the release of the iOS 14 beta to developers and later to the public, it became clear that Apple noticed a problem with clipboard access. iOS 14 reworks the clipboard and notifies users when apps copy data from it.

The story quickly spread from there as beta testers and developers stumbled across multiple apps hoovering data from the clipboard at every opportunity.

Name and shame

When Apple made iOS 14 available to developers, the software prompted what I like to call a ‘name and shame’ campaign. Apple’s latest mobile operating system made two significant changes to the clipboard: a notification to let users know when apps have accessed clipboard data and a new API that makes the clipboard more secure.

That first change was the catalyst for all the recent stories naming apps that abused the clipboard. Thanks to the coverage, it also led to the ‘shaming’ aspect, with many developers removing the clipboard features.

However, it’s important to note that many apps use the clipboard properly. Moreover, many apps use the clipboard with good intentions. For example, some browser apps on iOS check the clipboard for URLs and offer a quick ‘paste and go’ shortcut. Users can tap the button and go to the copied URL instead of having to open a new tab, tap the address bar and press and hold to paste the URL.

Yet, for all the apps that are doing it right, many don’t. Since late June, people have caught more than 50 apps abusing clipboard access. This can come in many forms, from some apps accessing the clipboard without user interaction to others that constantly check the clipboard for no good reason. Some developers pushed updates to prevent clipboard access, claiming the problems were bugs. We’ve compiled a list of these apps, which you can see below this story.

Presenting a better way

Along with naming and shaming apps that aren’t using the clipboard properly, Apple updated its clipboard APIs in iOS 14 to better protect user privacy.

When iOS 14 officially arrives later this year, it will allow apps to query the clipboard without seeing its data. Going back to the browser example used above, apps can use the new API to ask iOS what’s in the clipboard.

iOS can then tell the browser whether it contains a URL, text, image, or something else. iOS can do so without revealing to the app what is in the clipboard.

If iOS says a URL is available, the browser can paste it from the clipboard, triggering a notification and telling the user what happened. If there is no URL, the app does not access the clipboard data, user information is protected and iOS does not notify the user.
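The query-then-paste flow described above, sketched with UIKit's `UIPasteboard.detectPatterns(for:completionHandler:)` from iOS 14. This is an added example, not code from the article, Apple or any app named here; the class and method names are hypothetical.

```swift
import UIKit

/// Hypothetical controller behind a browser's "paste and go" button.
@available(iOS 14.0, *)
final class PasteAndGoController {

    /// Step 1: ask iOS whether the clipboard probably holds a web URL.
    /// The system inspects the content itself and reports only which
    /// patterns matched, so the app receives no clipboard data here.
    func clipboardHasProbableURL(completion: @escaping (Bool) -> Void) {
        UIPasteboard.general.detectPatterns(for: [.probableWebURL]) { result in
            let found: Bool
            switch result {
            case .success(let matched):
                found = matched.contains(.probableWebURL)
            case .failure:
                found = false // treat errors as "nothing to offer"
            }
            // Hop to the main queue before the caller touches UI.
            DispatchQueue.main.async { completion(found) }
        }
    }

    /// Step 2: call only from the user's tap on "paste and go".
    /// Reading the value is the actual paste, which iOS 14 announces
    /// to the user. Anything that is not an http(s) URL is rejected.
    func pasteURL() -> URL? {
        guard let text = UIPasteboard.general.string?
                .trimmingCharacters(in: .whitespacesAndNewlines),
              let url = URL(string: text),
              let scheme = url.scheme?.lowercased(),
              scheme == "http" || scheme == "https"
        else { return nil }
        return url
    }
}
```

An app built this way shows the button only when step 1 reports a match and never reads the clipboard on launch or on a timer, which is the behaviour the iOS 14 notification exposes.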

While on the surface this is a simple change that will hopefully prevent apps from snooping on users’ clipboards, it may take time for developers to implement proper support in their apps.

How can I protect my clipboard now?

Unfortunately, for many users, apps will get free rein for the next few months. iOS 13 doesn’t offer the same clipboard protections that iOS 14 will and it also doesn’t notify users when apps access the clipboard.

Thankfully, there are steps people can take to protect themselves. First, keep an eye on apps that are caught accessing the clipboard. If possible, stop using apps caught snooping on clipboard data. Alternatively, access them through a trusted web browser instead of a native iOS app, as native apps have full access to the clipboard.

Those running the iOS 14 beta likely haven’t caught every app engaged in clipboard spying yet. Also, some people will still need to use apps that snoop on the clipboard. So, another proactive step you can take is to avoid copying any sensitive data to your clipboard. If you have to copy something, take steps to replace it with other information afterwards. This will hopefully prevent sensitive data from being leaked to apps that abuse the clipboard.

It’s also worth noting that Apple offers a cloud clipboard feature that enables users to copy and paste across iOS, iPadOS, and Mac devices. This means clipboard-spying apps can also collect data from your laptop or tablet. If you don’t use this feature, you can turn it off on a Mac by going to ‘System Preferences’ > ‘General’ and deselecting the ‘Allow handoff between this Mac and your iCloud devices’ option. On your iPhone or iPad, you can turn it off under Settings > General > Handoff.

Finally, if you use a password manager app, avoid copying and pasting your passwords whenever possible. Many support iOS’s autofill settings, which should mean you don’t have to copy and paste passwords manually. Some password managers offer the ability to clear your clipboard after a while, so turn that setting on.

None of these solutions are ideal, but until iOS 14 arrives with the new clipboard API, they’re all we have.

What about Android users?

After reading all this, you may wonder if the clipboard on your Android phone or Windows PC is secure. In short, probably not.

How-To Geek offers a great rundown on clipboard access. On smartphones, any app you install can access the clipboard. In fact, Mysk told Ars Technica that Android is more lenient with the clipboard than iOS, at least until Android 10. Still, while limiting background access to the clipboard is nice, it doesn’t go much beyond what iOS 13 does. Hopefully Google follows Apple and implements a similar system to iOS 14 on Android.

Laptops running Windows 10 or macOS work a little differently. Many of your installed apps can access the clipboard at will—unfortunately, that part is still the same. However, both desktop operating systems also offer some sort of cloud clipboard feature. As mentioned above, macOS has ‘Universal Clipboard,’ which shares copied data on macOS, iOS and iPadOS. This means that anything you copy will go through Apple’s servers.

Windows 10 has a ‘Clipboard History’ setting that keeps a record of everything you copy and paste. You can access it by pressing Windows+V. If you enable this setting, Windows 10 will sync your clipboard history across devices.

The one saving grace here is websites. Web apps cannot automatically access your clipboard. Users have to manually paste content for a website to access it.

Regardless of whether you use iOS, Android, or something else, you should be careful about what and how you copy to your clipboard. When possible, avoid copying any sensitive data and use available tools to erase that data.

It might be a good idea to get in the habit of copying non-sensitive data to your clipboard to replace any sensitive data since most clipboards only store the last thing you copied. Anyone who wants to be really cheeky should copy “Stop looking at my clipboard” and let the apps see it whenever they screw up.

Apps that access the clipboard without the user’s consent

The list of apps below was compiled from a combination of previous reporting and MobileSyrup’s own checks. The list mainly includes apps that copy clipboard data without user interaction, or repeatedly access the clipboard during use. While not every app accessing the clipboard is doing anything wrong, by accessing the data without the user’s consent, those apps are potentially seeing sensitive data.

The list below is not a complete account of apps that use the clipboard. It includes anything the developers have said in response. Sources include The Telegraph, Ars Technica, MSPoweruser and Mysk.

  • Firefox
  • Google Chrome
  • Discord
  • TikTok – said it will update its app.
  • Fox News
  • The New York Times
  • The Wall Street Journal
  • The jeweler
  • Fruit Ninja
  • PUBG Mobile – Clipboard spying stopped.
  • Viber – Told MobileSyrup it “disabled” the option to save clipboard data.
  • Weibo
  • Zoosk
  • AccuWeather
  • DAZN – Clipboard spying stopped.
  • Overstock
  • CBC News – Clipboard spying stopped.
  • CBS News – Clipboard spying stopped.
  • ABC News – Clipboard spying stopped.
  • Al Jazeera English – Clipboard spying stopped.
  • CNBC
  • News Break
  • NPR
  • Reuters
  • ntv Nachrichten – Clipboard spying stopped.
  • Russia Today
  • Stern Nachrichten
  • The Huffington Post
  • The Economist
  • Vice News
  • 8 Ball Pool – Clipboard spying stopped.
  • shocked – Clipboard spying stopped.
  • To talk
  • Tok
  • Truecaller – Clipboard spying stopped.
  • Block puzzle
  • Classic Bejeweled – Clipboard spying stopped.
  • Classic Bejeweled HD – Clipboard spying stopped.
  • Water marbling
  • Mass murder
  • Tomb of the Mask – Clipboard spying stopped.
  • Tomb of the Mask: Color – Clipboard spying stopped.
  • Philip the Gun
  • Golf Masters
  • Liter of soup – Clipboard spying stopped.
  • Love Nikki
  • My Emma
  • Plants vs Zombies Heroes
  • Poking – Billiard City
  • 10% Happier: Meditation – Promised to stop the behavior and followed through.
  • AliExpress shopping app
  • Bed Bath and Beyond
  • Hotels.com – Clipboard spying stopped.
  • 5-0 Radio Police Scanner – Clipboard spying stopped.
  • Hotel Tonight – Promised to stop and did.
  • Weather Network – Removed a “diagnostic functionality” that was accessing the clipboard.
  • Coloring – Adult Coloring Book
  • Recolor the coloring book in color – Clipboard spying stopped.
  • Sky Ticket
  • Microsoft Teams
  • Call of Duty Mobile
  • Google News
  • LinkedIn – Said clipboard access was a bug, updated its app.
  • Reddit – Released a fix to remove the clipboard access code.
  • McDonald’s – Working to fix the problem.
  • Starbucks – The issue will be fixed in an upcoming update.
  • Wendy’s – A fix is in progress.

Update 07/23/2020 at 1:05 pm: Added more detail about Android’s clipboard situation, including when Android added permission to access the clipboard in the background.