14 DAY TRIAL // Not a long time ago, a duo of developers discovered that a series of apps for iOS silently access the clipboard every time they are launched.
In other words, Talal Haj Bakry and Tommy Mysk found out that many apps installed on iPhones, including several with millions of downloads from the App Store, actually get access to anything that’s copied to the clipboard, no matter if it’s sensitive data or not.
And because so many people copy super-important things to the clipboard, including passwords for their accounts, the privacy concerns were pretty obvious.
As a matter of fact, even users who rely on password managers to protect their passwords were affected. Enpass, which is one of the most popular cross-platform password managers, automatically clears the clipboard after 30 seconds when users copy passwords from the app. In other words, if you copy a password from Enpass, the clipboard is automatically reset after half a minute.
But if in that half a minute you launch one of the apps accessing the clipboard, the password is still exposed, as the developers mentioned above discovered.
Apple is finally resolving this issue with the release of iOS 14, and the preview build that was shipped to developers earlier this week provides us with a closer look at the whole thing. But for now, Apple only warns users that their data is accessed, without actually allowing them to block this from happening. So further improvements in this regard are needed, as for the time being, dedicated controls to restrict clipboard access do not exist.
So what iOS 14 does is introduce a warning when an app reads the content in the clipboard. When such an app is launched, you should see a warning at the top of the screen that reads the following:
[App] pasted from [app]
More specifically, if you copied content from Messages and then you launch AccuWeather, one of the apps that apparently access your clipboard, the message looks like this:
AccuWeather pasted from Messages
As said, there’s not much you can do right now, as iOS doesn’t provide users with advanced controls to block access to the clipboard. Most likely, this is something that’s in the works behind the closed doors at Apple, and sooner or later it should be added to the operating system.
For now, however, a video published by Ryan Jones on YouTube and also embedded here, shows that quite a surprising number of apps available on iOS actually access the clipboard without users knowing about it. And the new feature in iOS 14 preview helps us determine the apps doing this.
A post on reddit has a comprehensive list of the apps caught reading clipboard data, and these include the Wall Street Journal, Reuters, New York Times, TikTok, PUBG Mobile, Fruit Ninja, Viber, Weibo, AccuWeather, Hotels.com, and The Weather Network.
On the other hand, it’s important to understand that not all apps that do this are evil, and in some cases, accessing the content in the clipboard is actually a key feature.
For example, a package tracking app needs access to the clipboard just in case you previously copied a tracking code, so when launching the app, it automatically pastes the content and then looks for your package. The same for certain apps that can read links and open them without any additional input.
Of course, there are also apps that shouldn’t access clipboard data by any means, so now that the warning is coming to iPhones, the next step for the company is to actually provide the necessary controls to block the whole thing.