Popular iPhone and iPad Apps Reportedly 'Snooping' on Pasteboard Data - MacRumors
Skip to Content

Popular iPhone and iPad Apps Reportedly 'Snooping' on Pasteboard Data

According to new research by Talal Haj Bakry and Tommy Mysk, dozens of popular iOS apps are reading the contents of the pasteboard without user consent, which could include sensitive information.

pasteboard screenshot

The investigation discovered that many popular apps, such as TikTok, 8 Ball Pool™, and Hotels.com, quietly read any text found in the pasteboard every time the app is opened.

iOS and iPadOS apps have unrestricted access to the system-wide pasteboard, also known as the clipboard, as of iOS 13.3.

Text left in the pasteboard may be inconsequential, but it could also be highly sensitive data such as passwords or financial information. The potential security risks of this vulnerability have previously been investigated by Bakry and Mysk, where they found that precise location information was leaking through the system pasteboard.

A diverse range of apps, from popular games and social networking apps, to news apps of major news organizations such as Fox News or The Wall Street Journal, were examined using standard Apple development tools. Many of these apps do not provide any UI that manages text, yet they read the text content of the pasteboard every time they are opened.

It is also of note that if Universal Clipboard is enabled, an app may also access whatever has been copied on a Mac.

What exactly these apps do with the contents of the pasteboard once they have read it is unknown.

Tag: iOS 13

Popular Stories

iPhone 18 Pro Deep Red Feature

iPhone 18 Pro Launching in Two Months With These 12 New Features

Friday July 17, 2026 10:39 am PDT by
It is now mid-July, and that means the iPhone 18 Pro and iPhone 18 Pro Max are now just two months away. The devices are expected to look similar to the iPhone 17 Pro and iPhone 17 Pro Max, but there will still be many year-over-year changes, with rumored features including a smaller Dynamic Island, 5G via satellite, and more. Apple is expected to unveil the iPhone 18 Pro, iPhone 18 Pro Max, ...
Apple 2026 Back to School Graphic

Apple's 2026 Back to School Offer Just Went Live in Select Countries

Wednesday July 15, 2026 11:48 am PDT by
Apple's annual Back to School promotion is now live in select countries in Asia, including China, India, Malaysia, the Philippines, Singapore, Taiwan, Thailand, and Vietnam. The offer provides college students and educational staff with a free item with the purchase of an eligible Mac or iPad model. The exact offer varies by country, with options including a pack of four AirTags, AirPods 4,...
iphone 17 cyber

Apple Closes Unlocked iPhone Loophole for T-Mobile and Verizon Financing

Wednesday July 15, 2026 3:20 pm PDT by
Carrier-financed iPhones purchased from Apple will soon be locked to the carrier, ending a workaround customers used to purchase an unlocked iPhone on a payment plan. Until the rule change, buying an iPhone from Apple and opting for financing through Verizon or T-Mobile meant you would get an iPhone not locked to either carrier's network. That's no longer the case, and now iPhones financed...

Top Rated Comments

Mascots Avatar
83 months ago
I assume we'll get an additional permissions dialog to cover this soon.

It can be useful: in many instances, apps will read the pasteboard to determine if a URL or other information (like numbers related to their services) were copied from the browser so the app can shortcut a response to that data. One of my favorite instances is Deliveries: If you have a copied tracking number or link, it'll ask and can automatically start the adding process for you.

But I also get how allowing anyone to freely read it can be a major issue.
Score: 23 Votes (Like | Disagree)
BWhaler Avatar
83 months ago
Apple should just have a policy that any action like this, which takes customer data in a way which is not part of the core experience and not intuitive to the user based on the nature of the app will result in an immediate and lifetime ban.

all this crap would stop. Otherwise, if it’s just rule after rule, but in a culture of stealing personal data, Apple will never catch up.. App publishers will think of ways around the rules or do something not covered yet by a rule—like stealing clipboard info. Just make it a death sentence for your business if you steal customer data will result in a lifetime ban. Then it will stop—at least from the big companies.

It’s like the government Rico statues. Very broad but allows any type of organized crime to be prosecuted.

ive deleted every app I don’t absolutely need on my phone. I now don’t download apps just to play with for awhile because I don’t know what tricks they play with my data and how they track me. And no, a privacy policy which no human reads doesn’t solve the problem.

And I don’t want tons of security dialogs and privacy settings which take time and constant surveillance to monitor. It’s facebook’s dirty trick, and iOS privacy settings are becoming equally cumbersome.

As more and more apps become spyware in ways consumers cannot imagine, it will kill the core of the app economy.
Score: 20 Votes (Like | Disagree)
83 months ago
I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS. Android apps are at another level of badness.)

Why?

Most companies are too cheap to hire the skills to develop their app from scratch. So they outsource the development to 3rd parties who use code from all over the place without even knowing what it does. So even if the company putting the app out doesn’t have malicious intent, in reality they themselves have no idea what the app really does beneath the hood.

Look at apps from even reputable companies like AT&T and Comcast and they are so buggy and have such a poor, unfriendly UI, you know they are orphan projects within the company with tiny budgets and little oversight.

Kind of like Apple “discovering” that one of its suppliers is using child labor, because they have no idea what is really going on at their outsourced partners.
Score: 17 Votes (Like | Disagree)
83 months ago
I would like to see an option in the iOS settings to clear the pasteboard on a regular basis. If I copy something in one app and paste it in another app I don’t need that content anymore, so have it being cleared for example every 30 seconds would be no problem for me.
Score: 16 Votes (Like | Disagree)
83 months ago
That is why I try to use as much Apple apps as possible. And everything else done within the browser.
Score: 9 Votes (Like | Disagree)
Porco Avatar
83 months ago
I would welcome a system-wide default to restrict all reading of the copy/paste buffer to be purely manually-instigated by the user, always. I have often thought this was a potential issue and behaved accordingly, but I don’t think it’s something the average user should have to worry about, the default should be to block reading it unless given specific, informed permission.
Score: 9 Votes (Like | Disagree)