The Reddit app has become the latest iOS app to be caught clipboard snooping, or accessing the contents of devices' clipboards without user permission.
"We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL," a Reddit spokesperson told The Verge. "We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th."
Several popular third-party apps have been called out for surreptitiously copying the clipboard, thanks to a feature in iOS 14 beta that alerts users when apps attempt to do so. Apps that have been caught reading user clipboards for no discernible reason include LinkedIn, TikTok, Twitter, Starbucks, Overstock, and more.
LinkedIn said the clipboard copying behavior of its app is a bug and a fix is in the works. TikTok claimed the clipboard access was used as fraud detection to identify "repetitive, spammy behavior," and subsequently released an iOS update to remove it.
UPDATE: Seems like Reddit is capturing the clipboard on each keystroke as well Seeing the notification come up just as much. pic.twitter.com/nzbElmRG2a — Don urspace.io (@DonCubed) July 2, 2020
Ahead of the release of iOS 14 beta, two developers issued a report alerting users that iPhone and iPad apps were accessing clipboard content behind the scenes. Apple's new iOS 14 feature was added in response, and there's no longer a way for apps to quietly read the clipboard without users being alerted to the fact.
Until iOS 14 is released to the public, users who are concerned about clipboard snooping are advised to overwrite their clipboard's contents after they've used it to paste sensitive information like passwords, credit cards, bank account information, crypto keys, and so on. This can be done simply by highlighting a word on any web page or in any app and selecting "Copy" in the pop-up menu.
Top Rated Comments
NotificationCenter.default.addObserver(self, selector: #selector(pasteboardUpdated), name: UIPasteboard.changedNotification, object: nil)
@objc func pasteboardUpdated(){
if let stolenData = UIPasteboard.general.string {
//Insert code here to steal clipboard contents...
}
}
Apples own apps do things such as reading SMS messages from Apple, to get 2FA codes for logging in, so you don't need to copy and paste that data. Other apps don't have as deep linking capabilities that Apples ones do, but in an attempt to recreate it, they have used clipboards. I have a parcel tracking app - if I copy a tracking number from an email and then open Parcel, it auto-fills the details with the tracking number from the clipboard. So there's one use for it, on one app I have. How many others are doing cool things?
Also I do buy the Tik-Tok anti-spam excuse. Twitter, Facebook and other such apps are absolutely filled the brim with bot. By detecting keystrokes you can work out if it's a bot of a person typing. Bots probably don't type letter by letter - a person does. A person types at inconsistent pacing, whilst a bot would be perfect. A person would use the backspace key for mistakes, etc etc. It's comparing what the person is typing to the clipboard to try and work out if it's a person, and if it's a person, are they just pasting spam messages in constantly.
Don't get me wrong - I'm not saying apps should all have this access to the clipboard. But with just a tiny bit of thought, it's quite easy to see how and why apps are doing this. But the practice should stop and move onto better ways of doing things.
Frankly this should have been done like a decade ago.