It’s been recently revealed that some applications can read iOS clipboard without the user’s permission. This was revealed according to a blog post on Mysk whereby two Developers, Tommy Mysk and Talal Haj Bakry have used XCode to analyze the behavior of about 50 different applications and they got to see that some of those applications examined have access to certain information without the user’s consent.
In case you don’t know what a Clipboard is, it’s simple interface (usually unseen from the GUI) where information such as Text, media files etc gets copied and then saved whilst you’re using it.
So assuming you highlighted a text content, credit card information, password, phone number, address or whatever, they get saved up in the Clipboard or Pasteboard until you paste them and copy another content.
From the report:
We have explored popular and top apps available on the App Store and observed their behavior using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.Mysk
According to Mysk, who contacted iMore with additional information,
The exploit works with all data types such as text, photos, or PDF documents. Surprisingly, the apps we tested only chose to read text, but ignore other data types such as photos or PDF documents. In other words, all the apps we listed in our blog are only interested in reading text from the clipboard.Mysk
According to Mysk, there is a number of application who are guilty of this act and listed them out to include popular applications such as the ABC News, CBS News, NCBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, Tik Tok and much more.
Apps named as guilty of this exploit include ABC News, CBS News, CNBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, TikTok and more.
The conclusion to the piece states:
Access to the pasteboard in iOS and iPadOS requires no app permission as of iOS 13.3. While the pasteboard provides the ease of sharing data between various apps, it poses a risk of exposing private and personal data to suspicious apps. We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.Mysk
While a direct exploitation from this applications might not be very usual, the fact that they can be easily hacked and used as a shield while hackers exploit information on people’s clipboard is the real danger which needs to be re-examined and dealt with.