Popular iPhone and iPad Apps Reportedly 'Snooping' on Pasteboard Data

According to new research by Talal Haj Bakry and Tommy Mysk, dozens of popular iOS apps are reading the contents of the pasteboard without user consent, which could include sensitive information.

pasteboard screenshot

The investigation discovered that many popular apps, such as TikTok, 8 Ball Pool™, and Hotels.com, quietly read any text found in the pasteboard every time the app is opened.

iOS and iPadOS apps have unrestricted access to the system-wide pasteboard, also known as the clipboard, as of iOS 13.3.

Text left in the pasteboard may be inconsequential, but it could also be highly sensitive data such as passwords or financial information. The potential security risks of this vulnerability have previously been investigated by Bakry and Mysk, where they found that precise location information was leaking through the system pasteboard.

A diverse range of apps, from popular games and social networking apps, to news apps of major news organizations such as Fox News or The Wall Street Journal, were examined using standard Apple development tools. Many of these apps do not provide any UI that manages text, yet they read the text content of the pasteboard every time they are opened.

It is also of note that if Universal Clipboard is enabled, an app may also access whatever has been copied on a Mac.

What exactly these apps do with the contents of the pasteboard once they have read it is unknown.

Tag: iOS 13

Top Rated Comments

Mascots Avatar
12 months ago
I assume we'll get an additional permissions dialog to cover this soon.

It can be useful: in many instances, apps will read the pasteboard to determine if a URL or other information (like numbers related to their services) were copied from the browser so the app can shortcut a response to that data. One of my favorite instances is Deliveries: If you have a copied tracking number or link, it'll ask and can automatically start the adding process for you.

But I also get how allowing anyone to freely read it can be a major issue.
Score: 23 Votes (Like | Disagree)
BWhaler Avatar
12 months ago
Apple should just have a policy that any action like this, which takes customer data in a way which is not part of the core experience and not intuitive to the user based on the nature of the app will result in an immediate and lifetime ban.

all this crap would stop. Otherwise, if it’s just rule after rule, but in a culture of stealing personal data, Apple will never catch up.. App publishers will think of ways around the rules or do something not covered yet by a rule—like stealing clipboard info. Just make it a death sentence for your business if you steal customer data will result in a lifetime ban. Then it will stop—at least from the big companies.

It’s like the government Rico statues. Very broad but allows any type of organized crime to be prosecuted.

ive deleted every app I don’t absolutely need on my phone. I now don’t download apps just to play with for awhile because I don’t know what tricks they play with my data and how they track me. And no, a privacy policy which no human reads doesn’t solve the problem.

And I don’t want tons of security dialogs and privacy settings which take time and constant surveillance to monitor. It’s facebook’s dirty trick, and iOS privacy settings are becoming equally cumbersome.

As more and more apps become spyware in ways consumers cannot imagine, it will kill the core of the app economy.
Score: 20 Votes (Like | Disagree)
ghanwani Avatar
12 months ago
I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS. Android apps are at another level of badness.)

Why?

Most companies are too cheap to hire the skills to develop their app from scratch. So they outsource the development to 3rd parties who use code from all over the place without even knowing what it does. So even if the company putting the app out doesn’t have malicious intent, in reality they themselves have no idea what the app really does beneath the hood.

Look at apps from even reputable companies like AT&T and Comcast and they are so buggy and have such a poor, unfriendly UI, you know they are orphan projects within the company with tiny budgets and little oversight.

Kind of like Apple “discovering” that one of its suppliers is using child labor, because they have no idea what is really going on at their outsourced partners.
Score: 17 Votes (Like | Disagree)
apfelbaum Avatar
12 months ago
I would like to see an option in the iOS settings to clear the pasteboard on a regular basis. If I copy something in one app and paste it in another app I don’t need that content anymore, so have it being cleared for example every 30 seconds would be no problem for me.
Score: 16 Votes (Like | Disagree)
Porco Avatar
12 months ago
I would welcome a system-wide default to restrict all reading of the copy/paste buffer to be purely manually-instigated by the user, always. I have often thought this was a potential issue and behaved accordingly, but I don’t think it’s something the average user should have to worry about, the default should be to block reading it unless given specific, informed permission.
Score: 9 Votes (Like | Disagree)
redgreenski Avatar
12 months ago
That is why I try to use as much Apple apps as possible. And everything else done within the browser.
Score: 9 Votes (Like | Disagree)

Top Stories

whatsapp privacy banner

WhatsApp Reveals What Happens to Users Who Don't Agree to Upcoming Privacy Policy Changes

Sunday February 21, 2021 1:11 am PST by
WhatsApp has revealed how it will gradually limit the features available to accounts held by users who do not accept the platform's impending privacy policy changes, due to come into effect on May 15. WhatsApp's new banner explaining the privacy policy changes According to an email seen by TechCrunch to one of its merchant partners, WhatsApp said it will "slowly ask" users who have not yet...
new airpods leaked image 52audios

Alleged Leaked Image Claims to Show Third-Generation AirPods and Case

Sunday February 21, 2021 2:49 am PST by
A new image claims to offer our first real world look at Apple's next-generation AirPods. The image, shared by 52audio, showcases both AirPods and the charging case for what the site claims to be the third iteration of the wireless earbuds. 52audio has in the past shared images claiming to showcase different parts of the third-generation AirPods. Most notably, the site in November shared...
2021 mbp sd slot feature2

Kuo: New MacBook Pro Models With HDMI Port and SD Card Reader to Launch Later This Year

Monday February 22, 2021 8:52 pm PST by
Apple plans to release two new MacBook Pro models equipped with an HDMI port and SD card reader in the second half of 2021, according to analyst Ming-Chi Kuo, who outlined his expectations in a research note obtained by MacRumors. The return of an SD card reader was first reported by Bloomberg's Mark Gurman last month. "We predict that Apple's two new MacBook Pro models in 2H21 will have...
mac security privacy

Apple Takes Step to Prevent Further Spread of 'Silver Sparrow' Malware on Macs

Monday February 22, 2021 6:13 am PST by
Over the weekend, we reported on the second known piece of malware compiled to run natively on M1 Macs. Given the name "Silver Sparrow," the malicious package is said to leverage the macOS Installer JavaScript API to execute suspicious commands. After observing the malware for over a week, however, security firm Red Canary did not observe any final payload, so the exact threat to users remains a...
iphone 12 pro display video

BOE Rumored to Supply iPhone 13 Display Panels After iPhone 12 Failures

Monday February 22, 2021 9:54 am PST by
Display manufacturer BOE will be one of the main suppliers of OLED panels for iPhone 13 models, according to a new report today from Taiwan's Economic Daily News. BOE is said to be working with touch panel manufacturer General Interface Solution (GIS), part of the Hon Hai Group to develop OLED panels. Multiple iPhone 12 rumors suggested that BOE would supply some panels for the devices,...
pink squares macos

Apple Investigating Issue With 'Pink Squares' Appearing on Displays Connected to M1 Mac Mini

Sunday February 21, 2021 11:08 am PST by
In an internal memo this week, obtained by MacRumors, Apple informed service providers that it is aware of and investigating an issue that may result in "pink squares or pixels" appearing on displays connected to an M1 Mac mini. Image via Twitter user @FatihVidyograf This issue has been reported by users across the Apple Support Communities, MacRumors Forums, and Reddit since the M1 Mac mini...
Top Stories 47 Feature

Top Stories: More iOS 14.5 Beta Changes, iPhone 13 Rumors, Apple Watch Charging Issue Fixed

Saturday February 20, 2021 6:00 am PST by
Apple is continuing to tweak things during the iOS 14.5 beta testing period, and it looks like there will be some nice changes coming in the update when it's released to the public in a month or so. This week also saw the release of a watchOS bug fix update for Series 5 and Series SE owners, addressing a serious issue where their watches may not charge after entering Power Reserve mode,...
google chrome macos big sur

Chrome Used 10X More RAM Than Safari on macOS Big Sur in Recent Test [Updated]

Saturday February 20, 2021 12:52 pm PST by
Under normal and lightweight web browsing, Google Chrome uses 10x more RAM than Safari on macOS Big Sur, according to a test conducted by Flotato creator Morten Just (via iMore). In a blog post, Just outlines that he put both browsers to the test in two scenarios on the latest version of macOS. The first test was conducted on a virtual machine, and the second on a 2019 16-inch MacBook Pro...
m1 mac mini

M1 Mac Users Report Excessive SSD Wear

Tuesday February 23, 2021 7:07 am PST by
Over the past week, some M1 Mac users have been reporting alarming SSD health readings, suggesting that these devices are writing extraordinary amounts of data to their drives (via iMore). Across Twitter and the MacRumors forums, users are reporting that M1 Macs are experiencing extremely high drive writes over a short space of time. In what appear to be the most severe cases, M1 Macs are sai...
maxresdefault

Revisiting Apple's MagSafe Leather Wallet After 3 Months of Usage

Saturday February 20, 2021 8:04 am PST by
Back in November when Apple's MagSafe-compatible Leather Wallet first launched, MacRumors videographer Dan took a look at the accessory and ended up disliking it because of the weak magnetic connection. Dan kept using the Leather Wallet despite its flaws, and after three months with the accessory, his opinion has changed and he wanted to share some new thoughts on it. Subscribe to the ...