These popular iPhone and iPad apps are snooping on data copied to the clipboard
iOS and iPadOS apps have unrestricted access to the system-wide general pasteboard, also referred to as the clipboard. While this could be mundane data such as a shopping list, it could also include sensitive data such as passwords, telephone numbers, or financial details.
People copy all sorts of information to their clipboard. It's something that we've been doing for decades, and it's a practice that's deeply ingrained. While most of that information is likely to be mundane and boring, there are times when we copy important information, such as passwords, telephone numbers, or financial details.
That itself is cause for suspicion, but what makes it even more suspicious is that some of these apps -- games, for example -- do not provide any UI that deals with text, and yet they are accessing the content of the pasteboard every time they're opened.
Note that apps that accesses the iOS or iPadOS pasteboard can also read what has been copied on a Mac if the user has enabled Universal Clipboard.
Interestingly, Bakry and Mysk found that apps can read any data type copied to the pasteboard. The apps that accessed the clipboard on launch only requested text, and ignored other data, such as photos and documents.
The researchers are keen to point out that they do not know what the apps do with the content of the pasteboard, only that they access the data.
The list of apps includes news apps, games, and social media apps, along with more than a dozen miscellaneous apps. Full list available here.
Does Apple see this as a problem? Mysk and the team submitted this issue to Apple at the beginning of the year, but were told that it wasn't an issue.
What do you think? A potential privacy problem, or a non-issue?