Popular iPhone and iPad Apps Reportedly 'Snooping' on Pasteboard Data

According to new research by Talal Haj Bakry and Tommy Mysk, dozens of popular iOS apps are reading the contents of the pasteboard without user consent, which could include sensitive information.

pasteboard screenshot

The investigation discovered that many popular apps, such as TikTok, 8 Ball Pool™, and Hotels.com, quietly read any text found in the pasteboard every time the app is opened.

iOS and iPadOS apps have unrestricted access to the system-wide pasteboard, also known as the clipboard, as of iOS 13.3.

Text left in the pasteboard may be inconsequential, but it could also be highly sensitive data such as passwords or financial information. The potential security risks of this vulnerability have previously been investigated by Bakry and Mysk, where they found that precise location information was leaking through the system pasteboard.

A diverse range of apps, from popular games and social networking apps, to news apps of major news organizations such as Fox News or The Wall Street Journal, were examined using standard Apple development tools. Many of these apps do not provide any UI that manages text, yet they read the text content of the pasteboard every time they are opened.

It is also of note that if Universal Clipboard is enabled, an app may also access whatever has been copied on a Mac.

What exactly these apps do with the contents of the pasteboard once they have read it is unknown.

Tag: iOS 13

Popular Stories

space black mbp

Apple Potentially Facing Worst Leak Since iPhone 4 Was Left in a Bar

Monday October 7, 2024 3:03 pm PDT by
Alleged photos and videos of an unannounced 14-inch MacBook Pro with an M4 chip continue to surface on social media, in what could be the worst product leak for Apple since an employee accidentally left an iPhone 4 prototype at a bar in California in 2010. The latest video of what could be a next-generation MacBook Pro was shared on YouTube Shorts today by Russian channel Romancev768, just...
Alleged M4 MacBook Pro Leak Video

Alleged M4 MacBook Pro Unboxing Video Reveals These Four Upgrades

Sunday October 6, 2024 6:10 pm PDT by
An alleged unboxing video for an unannounced 14-inch MacBook Pro with the M4 chip was uploaded to YouTube today by Russian channel Wylsacom. The video was later linked to on social media platform X by Bloomberg's Mark Gurman. It is possible that this is the same MacBook Pro box shown in photos that were shared by leaker ShrimpApplePro in late September, as he claimed that this MacBook Pro...
watchos 11 vitals

Apple Watch Users Report Vitals App Detecting Illness Before Symptoms Appear

Monday October 7, 2024 5:34 am PDT by
Apple's new Vitals app for watchOS 11 appears to be impressing some users with its ability to detect potential illness days before symptoms manifest, according to recent reports on Reddit. The Apple Watch app, which analyzes key health metrics measured during sleep over the last seven days, appears to be providing early warnings of impending sickness for at least some Apple Watch wearers...
iPad mini review thumb

iPad Mini 7 Coming Next Month: What to Expect

Tuesday October 8, 2024 6:16 am PDT by
Rumors strongly suggest Apple will release the seventh-generation iPad mini in November, nearly three years after the last refresh. Here's a roundup of what we're expecting from the next version of Apple's small form factor tablet, based on the latest rumors and reports. Design and Display The new iPad mini is likely to retain its compact 8.3-inch display and overall design introduced with...
iPhone 17 Slim Feature Single Camera 2

10 Reasons to Wait for Next Year's iPhone 17

Tuesday October 8, 2024 5:45 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
Generic iOS 18

Everything New in iOS 18.1 Beta 6

Monday October 7, 2024 4:27 pm PDT by
We're nearing the end of the iOS 18.1 beta testing process, but Apple is continuing to make tweaks to refine built-in features ahead of when the software launches. With testing winding down, there are fewer new additions, but Apple has made changes worth noting. The new beta is available for both developers and public beta testers. Control Center In the Control Center, Apple has added new...
M4 Real Feature Red

Gurman: Apple to Launch First M4 Macs and Potentially iPad Mini 7 on November 1

Sunday October 6, 2024 6:40 am PDT by
Apple will announce several new M4 Mac models around the end of October, with the company planning to launch at least some of them as soon as Friday, November 1, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman said that Apple will launch a new M4 version of its low-end 14-inch MacBook Pro, as well as higher-end 14-inch and 16-inch MacBook Pro models...
apple tv 4k yellow bg feature

Waiting for a New Apple TV? Here's What the Latest Rumors Say

Tuesday October 8, 2024 8:57 am PDT by
The current Apple TV was released two years ago this month, so you may be wondering when the next model will be released. Below, we recap rumors about a next-generation Apple TV. In January 2023, Bloomberg's Mark Gurman reported that a new Apple TV was planned for release in the first half of 2024:Beyond the future smart displays and new speaker, Apple is working on revamping its TV box....

Top Rated Comments

Mascots Avatar
60 months ago
I assume we'll get an additional permissions dialog to cover this soon.

It can be useful: in many instances, apps will read the pasteboard to determine if a URL or other information (like numbers related to their services) were copied from the browser so the app can shortcut a response to that data. One of my favorite instances is Deliveries: If you have a copied tracking number or link, it'll ask and can automatically start the adding process for you.

But I also get how allowing anyone to freely read it can be a major issue.
Score: 23 Votes (Like | Disagree)
BWhaler Avatar
60 months ago
Apple should just have a policy that any action like this, which takes customer data in a way which is not part of the core experience and not intuitive to the user based on the nature of the app will result in an immediate and lifetime ban.

all this crap would stop. Otherwise, if it’s just rule after rule, but in a culture of stealing personal data, Apple will never catch up.. App publishers will think of ways around the rules or do something not covered yet by a rule—like stealing clipboard info. Just make it a death sentence for your business if you steal customer data will result in a lifetime ban. Then it will stop—at least from the big companies.

It’s like the government Rico statues. Very broad but allows any type of organized crime to be prosecuted.

ive deleted every app I don’t absolutely need on my phone. I now don’t download apps just to play with for awhile because I don’t know what tricks they play with my data and how they track me. And no, a privacy policy which no human reads doesn’t solve the problem.

And I don’t want tons of security dialogs and privacy settings which take time and constant surveillance to monitor. It’s facebook’s dirty trick, and iOS privacy settings are becoming equally cumbersome.

As more and more apps become spyware in ways consumers cannot imagine, it will kill the core of the app economy.
Score: 20 Votes (Like | Disagree)
ghanwani Avatar
60 months ago
I do not trust a single app nowadays. Especially on iOS, iPadOS, watchOS. (As opposed to macOS. Android apps are at another level of badness.)

Why?

Most companies are too cheap to hire the skills to develop their app from scratch. So they outsource the development to 3rd parties who use code from all over the place without even knowing what it does. So even if the company putting the app out doesn’t have malicious intent, in reality they themselves have no idea what the app really does beneath the hood.

Look at apps from even reputable companies like AT&T and Comcast and they are so buggy and have such a poor, unfriendly UI, you know they are orphan projects within the company with tiny budgets and little oversight.

Kind of like Apple “discovering” that one of its suppliers is using child labor, because they have no idea what is really going on at their outsourced partners.
Score: 17 Votes (Like | Disagree)
apfelbaum Avatar
60 months ago
I would like to see an option in the iOS settings to clear the pasteboard on a regular basis. If I copy something in one app and paste it in another app I don’t need that content anymore, so have it being cleared for example every 30 seconds would be no problem for me.
Score: 16 Votes (Like | Disagree)
Porco Avatar
60 months ago
I would welcome a system-wide default to restrict all reading of the copy/paste buffer to be purely manually-instigated by the user, always. I have often thought this was a potential issue and behaved accordingly, but I don’t think it’s something the average user should have to worry about, the default should be to block reading it unless given specific, informed permission.
Score: 9 Votes (Like | Disagree)
redgreenski Avatar
60 months ago
That is why I try to use as much Apple apps as possible. And everything else done within the browser.
Score: 9 Votes (Like | Disagree)