Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Clipboard snooping still rife across many popular iOS apps

Apple's Universal Clipboard works across iPhone and Mac

The clipboard-snooping antics of apps isn't limited to just TikTok, as it has been discovered over 50 apps that were found to be accessing data from the iOS clipboard in March were continuing the practice months later.

As part of the new features arriving in iOS 14 and iPadOS 14 this fall, Apple included a number of measures designed to help increase the privacy of user data. One of those features will alert users to whenever an app attempts to access the clipboard, in order to educate users of the types of apps that can potentially access their data.

The feature prompted reports referencing allegations uncovered in March that apps like TikTok frequently accessed the clipboard and grabbed content, even when the app was put in the background. TikTok has since publicly relented, claiming it was a spam-reduction feature that was triggering the mechanism, and that it had been removed in an updated version of the app submitted for App Store approval.

However, while TikTok is the highest-profile app that was caught out back in March, other apps found to be doing the same thing at the time are continuing the practice. In a report by Ars Technica, 54 from a collection of 56 found by researchers Tommy Mysk and Talal Haj Bakry were still reading the clipboard.

The list of apps includes many popular titles, including social apps like Weibo and Zoosk, news apps including NPR and Fox News, games such as Fruit Ninja and three different versions of Bejeweled, and others such as Accuweather and Hotels.com.

Only two apps had altered their behavior, with 10% Happier: Meditation and Hotel Tonight doing so shortly after the original report circulated. While TikTok had promised action at the time, it failed to make any changes that stopped the snooping.

The clipboard is intended to be a way for users to provide apps with data for use in an intended way, though its real functionality isn't always as users may intend it. Apps have the ability to pull data stored in a clipboard, which means there is the possibility it could be accessing data not intended for use by it if it conducts such snooping.

With the addition of the Universal Clipboard across the Apple ecosystem, such apps offer the further risk of pulling data from the clipboard that wasn't even added from the device it is installed on. For example, text copied on a Mac could be read by a clipboard-snooping app on an iPhone.

"It's very, very dangerous," said Mysk on Friday. "These apps are reading clipboards, and there's no reason to do this. An app that doesn't have a text field to enter text has no reason to read clipboard text."

Mysk added the work by the researchers is being credited for the creation of the iOS 14 clipboard notification feature.



16 Comments

dws-2 22 Years · 277 comments

I think a bigger story is that most apps include libraries from Google and Facebook and many others, which among other things, collect as much information as possible about you. I suspect that's where a lot of the clipboard access is coming from. The "good" thing is that they don't care about passwords; hey just want to figure out what you're doing and interested in so they can sell better ads. For example, if you copy the name of a restaurant to search in maps, they can peak and sell some restaurant ads of similar places.

Rayz2016 8 Years · 6957 comments

Bejeweled!
Fruit Ninja!

Deleted.

dws-2 said:
I think a bigger story is that most apps include libraries from Google and Facebook and many others, which among other things, collect as much information as possible about you. I suspect that's where a lot of the clipboard access is coming from. The "good" thing is that they don't care about passwords; hey just want to figure out what you're doing and interested in so they can sell better ads. For example, if you copy the name of a restaurant to search in maps, they can peak and sell some restaurant ads of similar places.

Why am I not surprised. 

https://9to5mac.com/2020/06/25/tiktok-to-stop-reading-user-clipboards-after-being-exposed-by-ios-14-privacy-feature/

Seems that Google News does it too.

GoogleGuy incoming!

longpath 20 Years · 401 comments

Does iOS14 merely alert to the practice, or does it give a way to block it?

rotateleftbyte 12 Years · 1630 comments

Apple could use one or a few of the most popular apps as an example of them flouting the App Store rules and throw them out.
Sadly that would just give more ammo to those wanting Apple to open up the App Store so that it is as virus/malware ridden as the Play Store. With all this Anti-trust stuff going on as well, Apple needs to tread carefully.
At the very least, a list of the offenders should be made public. Then we the users can make an informed decision about the apps we keep on our devices.

agilealtitude 6 Years · 165 comments

Apps should be given a ‘three strikes, you’re out’ tolerance. 

Once a sinister feature is found, the app gets immediately suspended, and the developer has 10 days to remedy. 

On the third occurrence, an Android-exclusive it becomes!!