iOS 15 Includes Secure Paste Feature That Hides the Clipboard From Developers

iOS 15 has multiple significant privacy-focused improvements such as new protections in the Mail app to prevent tracking, an App Privacy section that shows you how often apps access sensitive information like location, and on-device Siri processing, but there are also some smaller but equally important changes.

tiktokclipboard
One of these updates is a new Secure Paste function for developers, which can be built into apps. With this feature implemented, users can paste something from a different app, with the content of what's copied hidden unless it's pasted into the developer's own app.

If secure paste is implemented, users can copy and paste from one app to another without being alerted through the clipboard notification that was introduced in iOS 14, giving them peace of mind that what they've copied is secure.

This feature sounds complicated, but it stems from a major privacy issue that surfaced last year. Back in March 2020, it came to light that many iPhone and iPad apps were "snooping" on pasteboard data, as developers could access whatever was on the pasteboard without the user being aware.

Apps like TikTok, Hotels.com, Reddit, Zillow and others could see whatever a user copied from another app, which was a concern because sometimes sensitive information like a password is copied.

Apple addressed this issue in iOS 14 by implementing a small banner that notifies you whenever an app accesses the clipboard, which means apps can no longer see the clipboard without your knowledge. ‌iOS 15‌ takes it further with the secure paste feature that prevents developers from seeing the clipboard entirely unless you opt to copy something from one app and paste it into the app you're actively using.

With secure paste, developers can let users paste from a different app without having access to what was copied until the user takes action to paste it into their app. When developers use secure paste, users will be able to paste without being alerted via the pasteboard transparency notification, helping give them peace of mind.

After Apple first implemented the iOS 14 feature to unveil when apps were accessing the clipboard, many apps were found to be copying the clipboard on a frequent basis, though some apps like TikTok claimed that this was a mistake.

Related Roundups: iOS 15, iPadOS 15
Related Forum: iOS 15

Top Rated Comments

mazz0 Avatar
14 months ago
What a confusingly written article. I still have no idea what this feature means.
Score: 12 Votes (Like | Disagree)
FSMBP Avatar
14 months ago
I must be 100% naive because before iOS 14, I had no idea apps could 'see' what I had in my clipboard. Unless I pasted something, why should the app have access?

Edit: Grammar, spelling, carelessness.
Score: 6 Votes (Like | Disagree)
alexkli Avatar
14 months ago
To clarify what’s happening as far as I understand it:

1. In the old days before iOS 14 the clipboard api was completely open. Once an app ran it could read what was on the clipboard using some “read clipboard” api. Users could not see this happening it at all.

2. After some malicious use cases where detected, Apple made a simple change with iOS 14 where it would show a banner to the user whenever an app calls the “read clipboard” api. That was all, apps could still read the clipboard if they wanted, it simply started to become noticeable.

3. Now with iOS 15 Apple is adding a new alternative clipboard api. This new api means apps can’t read the clipboard when they want but only after a user clicks on “paste”. This is actually what is done in modern browsers with the javascript clipboard api. It requires an active user interaction where the user knowingly says “yes, I want to paste this into the app”. Afterwards the app has that piece of content. But it prevents it from reading it without user interaction. It seems this is opt-in for apps, as probably Apple can’t change the behavior of the existing clipboard api to be more restrictive without breaking too many (good) apps out there.

For a user that means to treat that banner as a warning of something bad happening. “Good” apps should be switching to the new api going forward, so that user interaction is always required and that banner never pops up. Also wouldn’t be surprised if Apple might disable the old api entirely in a few years.
Score: 6 Votes (Like | Disagree)
Apple_Robert Avatar
14 months ago

I was under the impression that password apps like 1Password already worked this way? For instance, on my Mac, I can paste something from 1Password but it doesn’t show up in the clipboard of the Paste app, which manages the clipboard. Another thing 1Password does by default is it clears your pasteboard a minute or so after you copy something from it (by default).
1Password is the exception because they made that action part of their app by default.
Score: 4 Votes (Like | Disagree)
mazz0 Avatar
14 months ago

From what I saw...

1) If you copy material from the current app you are using, the developer of the app has no way to see what you copied.

2) If you copy material from one app and paste it into another app, the app being used will be able to see what you copied from the clipboard.

The way I interpreted it, it means...

1) App ABC can't read what's on your clipboard directly...

2) ...UNLESS that clipboard content was copied from app ABC. E.G. If you copy something from app XYZ, app ABC can't read it.

I believe pasting into input fields works fine, but the app won't be able to read your clipboard directly without action on your part. E.G. if you paste into a search field, the app can read the search field, but it can't gain access to your clipboard content directly unless that content came from the same app.
To be honest I’m still unclear.

Let’s see what Apple says: (https://www.apple.com/newsroom/2021/06/apple-advances-its-privacy-leadership-with-ios-15-ipados-15-macos-monterey-and-watchos-8/)


* With secure paste, developers can let users paste from a different app without having access to what was copied until the user takes action to paste it into their app. When developers use secure paste, users will be able to paste without being alerted via the pasteboard transparency notification, helping give them peace of mind.

So, if I’m understanding that correctly, you can set a permission so that your app is not able to see the clipboard except when a user-initiated paste occurs, in which case the notification doesn’t appear.

That’s it? Seems pointless to me. Seeing that notification when I manually-paste is not an inconvenience (in fact it’s a reassuring reminder that that feature exists). In fact given that seeing that notification increases my peace of mind, this change will actual lower it!
Score: 3 Votes (Like | Disagree)
contacos Avatar
14 months ago
Why would THEY decide to actually implement something like that if it isn’t enforced
Score: 3 Votes (Like | Disagree)

Related Stories

iOS App Store General Feature Dock 2

Apple Defends App Store Changes in the Netherlands as Fines Reach €30 Million

Monday February 28, 2022 9:32 am PST by
Amid an ongoing dispute with the Authority for Consumers and Markets (ACM) in the Netherlands over the App Store, Apple has defended its plan to require app developers to submit an additional app binary for the Dutch storefront if they wish to use a third-party payment processing method. The ACM has ruled that Apple must allow dating apps in the Netherlands to use third-party payment...
iOS App Store General Feature JoeBlue

Developers Now Able to Submit Claims for $250 to $30,000 Payments From Apple in Lawsuit Settlement

Friday January 14, 2022 12:24 pm PST by
Apple in August announced plans to pay $100 million to settle a class-action lawsuit levied by U.S. developers, and as of today, the website that will allow developers to submit a claim for a payout has gone live. The $100 million that Apple provided is being distributed as part of a "Small Developer Assistance Fund," and developers can claim between $250 and $30,000 based on their historic...
ios15 mail privacy feature

watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

Tuesday March 15, 2022 6:42 am PDT by
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found. Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
pubg

PUBG Maker Sues Apple and Google for Not Removing Clone Apps

Thursday January 13, 2022 12:38 pm PST by
Krafton, developer popular online battle game PlayerUnknown's Battlegrounds, or PUBG, has sued Apple, Google, and gaming company Garena over PUBG clone apps that copy PUBG gameplay, reports Reuters. The lawsuit accuses Garena of creating PUBG clones called "Free Fire" and "Free Fire Max," which originated in Singapore and were later released in the United States. Apple and Google are named...
Mac App Store General Feature

Apple's Arguments Against Sideloading on iOS: All Your Questions Answered

Thursday November 11, 2021 10:38 am PST by
Sideloading is a fancy word for downloading an app binary from non-official platforms or the open internet and installing it on a device like a normal app. The practice is allowed on Android, granting users the flexibility of downloading apps from official or non-official app stores and the open internet. The iPhone, on the other hand, is a polar opposite. Since the launch of the App Store...
MAsk On Face ID iOS 15

Everything New in iOS 15.4 and iPadOS 15.4: Face ID With a Mask, Emojis, Apple Card Widget, Universal Control and More

Thursday January 27, 2022 12:08 pm PST by
Apple is working on new iOS 15.4 and iPadOS 15.4 updates for the iPhone and the iPad, adding a slew of new features to the latest iOS operating systems. iOS 15.4 is the biggest update that we've had to iOS 15 to date, and it brings Universal Control, Face ID with a mask, new emojis, and tons more. Subscribe to the MacRumors YouTube channel for more videos. Face ID With a Mask With iOS 15.4,...
yoink mac

Popular Drag-and-Drop Mac App 'Yoink' Gains Configurable Clipboard History Widget and Browser

Monday February 21, 2022 4:52 am PST by
Popular Mac drag-and-drop app Yoink received a substantial update on Monday that brings back a much-improved Yoink clipboard history widget with several highly configurable features. For those unfamiliar with the app, Yoink aims to simplify the action of dragging and dropping files and app-content on the macOS desktop by providing a temporary place for files to be dragged to. Yoink's shelf...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...

Popular Stories

macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
original iphone 2007

15 Years Ago Today, the iPhone Went On Sale

Wednesday June 29, 2022 4:43 am PDT by
Fifteen years ago to this day, the iPhone, the revolutionary device presented to the world by the late Steve Jobs, officially went on sale. The first iPhone was announced by Steve Jobs on January 9, 2007, and went on sale on June 29, 2007. "An iPod, a phone, an internet mobile communicator... these are not three separate devices," Jobs famously said. "Today, Apple is going to reinvent the...
maxresdefault

Video Comparison: M2 MacBook Pro vs. M1 MacBook Pro

Tuesday June 28, 2022 2:45 pm PDT by
Apple last week launched an updated version of the 13-inch MacBook Pro, and it is the first Mac that is equipped with an updated M2 chip. As it's using a brand new chip, we thought we'd pick up the M2 MacBook Pro and compare it to the prior-generation M1 MacBook Pro to see just what's new. Subscribe to the MacRumors YouTube channel for more videos. For the video comparison, we're using the...
iPhone vs Galaxy Larger

Apple Executive Says Samsung Copied the iPhone and Simply 'Put a Bigger Screen Around It'

Tuesday June 28, 2022 8:59 am PDT by
The Wall Street Journal's Joanna Stern today shared a new documentary about the evolution of the iPhone ahead of the 15th anniversary of the device launching on June 29, 2007. The documentary includes an interview with Apple's marketing chief Greg Joswiak, iPhone co-creator Tony Fadell, and a family of iPhone users. One segment of the interview reflects on Android smartphones gaining larger...
iPhone 11 Pro vs iPhone 14 Pro

iPhone 11 Pro vs. 14 Pro: New Features to Expect if You've Waited to Upgrade

Monday June 27, 2022 11:22 am PDT by
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to. Below, we've put together a list of new features and...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
rootbug

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

Tuesday November 28, 2017 12:33 pm PST by
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check. The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login...