Popular iPhone and iPad Apps Reportedly 'Snooping' on Pasteboard Data

According to new research by Talal Haj Bakry and Tommy Mysk, dozens of popular iOS apps are reading the contents of the pasteboard without user consent, which could include sensitive information.

pasteboard screenshot

The investigation discovered that many popular apps, such as TikTok, 8 Ball Pool™, and Hotels.com, quietly read any text found in the pasteboard every time the app is opened.

iOS and iPadOS apps have unrestricted access to the system-wide pasteboard, also known as the clipboard, as of iOS 13.3.

Text left in the pasteboard may be inconsequential, but it could also be highly sensitive data such as passwords or financial information. The potential security risks of this vulnerability have previously been investigated by Bakry and Mysk, where they found that precise location information was leaking through the system pasteboard.

A diverse range of apps, from popular games and social networking apps, to news apps of major news organizations such as Fox News or The Wall Street Journal, were examined using standard Apple development tools. Many of these apps do not provide any UI that manages text, yet they read the text content of the pasteboard every time they are opened.

It is also of note that if Universal Clipboard is enabled, an app may also access whatever has been copied on a Mac.

What exactly these apps do with the contents of the pasteboard once they have read it is unknown.

Tag: iOS 13

Top Rated Comments

Mascots Avatar
21 months ago
I assume we'll get an additional permissions dialog to cover this soon.

It can be useful: in many instances, apps will read the pasteboard to determine if a URL or other information (like numbers related to their services) were copied from the browser so the app can shortcut a response to that data. One of my favorite instances is Deliveries: If you have a copied tracking number or link, it'll ask and can automatically start the adding process for you.

But I also get how allowing anyone to freely read it can be a major issue.
Score: 23 Votes (Like | Disagree)
BWhaler Avatar
21 months ago
Apple should just have a policy that any action like this, which takes customer data in a way which is not part of the core experience and not intuitive to the user based on the nature of the app will result in an immediate and lifetime ban.

all this crap would stop. Otherwise, if it’s just rule after rule, but in a culture of stealing personal data, Apple will never catch up.. App publishers will think of ways around the rules or do something not covered yet by a rule—like stealing clipboard info. Just make it a death sentence for your business if you steal customer data will result in a lifetime ban. Then it will stop—at least from the big companies.

It’s like the government Rico statues. Very broad but allows any type of organized crime to be prosecuted.

ive deleted every app I don’t absolutely need on my phone. I now don’t download apps just to play with for awhile because I don’t know what tricks they play with my data and how they track me. And no, a privacy policy which no human reads doesn’t solve the problem.

And I don’t want tons of security dialogs and privacy settings which take time and constant surveillance to monitor. It’s facebook’s dirty trick, and iOS privacy settings are becoming equally cumbersome.

As more and more apps become spyware in ways consumers cannot imagine, it will kill the core of the app economy.
Score: 20 Votes (Like | Disagree)
ghanwani Avatar
21 months ago
I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS. Android apps are at another level of badness.)

Why?

Most companies are too cheap to hire the skills to develop their app from scratch. So they outsource the development to 3rd parties who use code from all over the place without even knowing what it does. So even if the company putting the app out doesn’t have malicious intent, in reality they themselves have no idea what the app really does beneath the hood.

Look at apps from even reputable companies like AT&T and Comcast and they are so buggy and have such a poor, unfriendly UI, you know they are orphan projects within the company with tiny budgets and little oversight.

Kind of like Apple “discovering” that one of its suppliers is using child labor, because they have no idea what is really going on at their outsourced partners.
Score: 17 Votes (Like | Disagree)
apfelbaum Avatar
21 months ago
I would like to see an option in the iOS settings to clear the pasteboard on a regular basis. If I copy something in one app and paste it in another app I don’t need that content anymore, so have it being cleared for example every 30 seconds would be no problem for me.
Score: 16 Votes (Like | Disagree)
Porco Avatar
21 months ago
I would welcome a system-wide default to restrict all reading of the copy/paste buffer to be purely manually-instigated by the user, always. I have often thought this was a potential issue and behaved accordingly, but I don’t think it’s something the average user should have to worry about, the default should be to block reading it unless given specific, informed permission.
Score: 9 Votes (Like | Disagree)
redgreenski Avatar
21 months ago
That is why I try to use as much Apple apps as possible. And everything else done within the browser.
Score: 9 Votes (Like | Disagree)

Related Stories

studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
YouTube Picture in Picture Feature

YouTube Premium Subscribers Can Now Use iOS Picture-in-Picture: Here's How

Wednesday August 25, 2021 3:55 am PDT by
Google has rolled out picture-in-picture support as an "experimental" feature for YouTube premium subscribers, allowing them to watch video in a small window when the app is closed. If you're a premium YouTube subscriber looking to try out picture-in-picture, follow these steps: Launch a web browser and sign into your YouTube account at YouTube.com. Navigate to www.youtube.com/new. Scroll...
M1X MBP Feature

Leaker: Upcoming MacBook Pro to See Price Hike Over Current Model, Equal Performance Across 14 and 16-Inch Sizes

Tuesday August 24, 2021 5:28 am PDT by
The upcoming 14-inch MacBook Pro is set to be more expensive than the current 13-inch MacBook Pro and both the 14 and 16-inch models will offer the same performance, according to the leaker known as "Dylandkt." The leaker shared the information on Twitter, explaining that both of the upcoming MacBook Pro models, expected to come in 14 and 16-inch sizes, will feature the same performance due...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
ryanscoolios13thumbnail

Apple Releases iOS 13.1.3 With Bug Fixes for Phone, Mail, Health, and More

Tuesday October 15, 2019 10:09 am PDT by
Apple today released iOS 13.1.3 and iPadOS 13.1.3, minor updates to the iOS 13.1.2 software that was released two weeks ago. This is the fourth update to the iOS 13 operating system that came out in September. The iOS and iPadOS 13.1.3 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General > Software Update....
Top Stories 75 Thumbnail

Top Stories: Last-Minute iPhone 13 Rumors, Apple Announces App Store Changes, and More

Saturday September 4, 2021 6:00 am PDT by
The finish line is in sight! Apple's annual iPhone event is likely just a week or so away and all eyes will be on the company as it unveils the next version of its most popular product line. With any luck, we'll also see the next-generation Apple Watch and perhaps even some new AirPods. Other news this week saw Apple making some more changes to its App Store policies in response to a...
affinity designer contour tool

Serif Updates Affinity Photo, Designer, and Publisher With New Tools and Functions

Thursday February 4, 2021 1:58 am PST by
Serif today announced across-the-board updates for its popular suite of Affinity creative apps, including Affinity Photo, Affinity Designer, and the Apple award-winning Affinity Publisher for Mac, all of which were among the first professional creative suites to be optimized for Apple's new M1 chip. "After another year which saw record numbers of people switching to Affinity, it's exciting to...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
maxresdefault

Craig Federighi and Greg Joswiak Discuss iPadOS 15, macOS Monterey, Privacy, Shortcuts on Mac, and More

Saturday June 12, 2021 6:12 am PDT by
As is tradition, Apple executives Craig Federighi and Greg Joswiak joined Daring Fireball's John Gruber in an episode of The Talk Show to discuss several announcements that Apple made over this weeks WWDC, including iPadOS 15, macOS Monterey, and a large focus around privacy. Federighi kicks off the conversation discussing the common architecture, now thanks to Apple silicon, across all of...
iOS 14 on iPhone feature emergency

Apple Seeds Third Betas of iOS and iPadOS 14.6 to Developers [Update: Public Beta Available]

Monday May 10, 2021 10:13 am PDT by
Apple today seeded the third betas of new iOS and iPadOS 14.6 updates to developers for testing purposes, one week after seeding the second iOS and iPadOS 14.6 updates. iOS and iPadOS 14.6 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS and iPadOS 14.6 appear to be more minor changes focusing on...