Clipboard snooping still rife across many popular iOS apps

Apple's Universal Clipboard works across iPhone and Mac

As part of the new features arriving in iOS 14 and iPadOS 14 this fall, Apple included a number of measures designed to help increase the privacy of user data. One of those features will alert users to whenever an app attempts to access the clipboard, in order to educate users of the types of apps that can potentially access their data.

The feature prompted reports referencing allegations uncovered in March that apps like TikTok frequently accessed the clipboard and grabbed content, even when the app was put in the background. TikTok has since publicly relented, claiming it was a spam-reduction feature that was triggering the mechanism, and that it had been removed in an updated version of the app submitted for App Store approval.

However, while TikTok is the highest-profile app that was caught out back in March, other apps found to be doing the same thing at the time are continuing the practice. In a report by Ars Technica, 54 from a collection of 56 found by researchers Tommy Mysk and Talal Haj Bakry were still reading the clipboard.

The list of apps includes many popular titles, including social apps like Weibo and Zoosk, news apps including NPR and Fox News, games such as Fruit Ninja and three different versions of Bejeweled, and others such as Accuweather and Hotels.com.

Only two apps had altered their behavior, with 10% Happier: Meditation and Hotel Tonight doing so shortly after the original report circulated. While TikTok had promised action at the time, it failed to make any changes that stopped the snooping.

The clipboard is intended to be a way for users to provide apps with data for use in an intended way, though its real functionality isn't always as users may intend it. Apps have the ability to pull data stored in a clipboard, which means there is the possibility it could be accessing data not intended for use by it if it conducts such snooping.

With the addition of the Universal Clipboard across the Apple ecosystem, such apps offer the further risk of pulling data from the clipboard that wasn't even added from the device it is installed on. For example, text copied on a Mac could be read by a clipboard-snooping app on an iPhone.

"It's very, very dangerous," said Mysk on Friday. "These apps are reading clipboards, and there's no reason to do this. An app that doesn't have a text field to enter text has no reason to read clipboard text."

Mysk added the work by the researchers is being credited for the creation of the iOS 14 clipboard notification feature.