Recently revealed – are apps secretly reading your clipboard?

CyberPanther

Level 6
Thread author
Verified
Well-known
Oct 1, 2019
295
Apple’s upcoming iPhone update includes a feature that has revealed an unsettling practice by common apps. Currently available only in beta, the iOS 14 update notifies users when an app accesses their clipboard, an action that used to go unnoticed. This issue isn’t limited to Apple products either. Android apps have the same clipboard-reading capabilities, making just about every smartphone user a potential victim. In total, at least 53 applications have been found to be accessing users’ clipboards without their knowledge.
If you’ve ever copied and pasted text on your smartphone, there’s a high chance one of your apps snuck a peek. While some apps have cleaned up their act, others are taking their time removing their clipboard-reading features. Here’s what you should know if you want to make sure apps aren’t accessing information you otherwise wouldn’t provide.
Why would an app need access to your clipboard?
Apps having the ability to access your clipboard can actually be useful in some cases. For example, copying the tracking number for an order from an online store can automatically be inputted into the corresponding delivery company’s app. Certain browsing apps, like Google Chrome, can recognize a copied URL and prompt users to see if the copied text belongs to a site they wish to visit. The clipboard feature can save smartphone users’ time and create a better overall experience. However, when an app accesses your clipboard with no apparent reason (and without letting you know), it can be unsettling, to say the least.
Copying passwords or sensitive data like credit card numbers to paste into your browser or an app may be common practice for you. The issue is that leaving such information on your clipboard and opening an app that unsuspectingly views your information can make you an easy target for cybercriminals.
Is an app accessing my clipboard dangerous?
If there’s one thing that’s clear, it’s that this isn’t an issue found in “buggy” apps. Some of the most popular and most frequently used apps are helping themselves to your copied text without your knowledge or permission. One popular app under fire is TikTok, which claims that an anti-spam technique is behind its unwarranted reading of clipboard text. While the company released a statement saying the anti-spam feature would be removed, the iOS update in beta is still notifying users of the app reading their clipboard.
Reddit was also found to be reading clipboard text, surprisingly peeking on each keystroke. While the company has released a statement saying that clipboard contents are never stored, they’re still acknowledging the issue by removing the feature (an app update is scheduled to be released on July 14, 2020). And what is considered by many to be the most popular of social networks for professionals, LinkedIn has also been identified as an app reading clipboard text. But they don’t stop there. The app can also gather clipboard text from connected devices. So even if you’re exercising caution on your smartphone and only copying text on your laptop, including passwords and credit card numbers, LinkedIn could still be taking a peek without your knowledge.
Is an app gaining access to clipboard text dangerous? It depends. The answer to just how dangerous the app clipboard threat is will vary by person. But if you have ever copied a password, credit card number, address, username, bitcoin address, email or text message with personal information, or anything else you would otherwise keep private, then you have every right to question whether your privacy is at stake. As this issue comes to light, we’re finding that most app companies deny any type of data storage from clipboard content. But without knowing for sure, it can be hard to ignore the privacy threat.
How to stop apps from reading your clipboard
Unfortunately, there isn’t a one-size-fits-all solution for smartphone users who want to prevent apps from accessing their clipboards. But here are a few tips.
Use a password manager
A password manager can help you create and store unique passwords for all your apps and online services. This means you won’t have to copy and paste from other sign-in pages. Some password managers also offer an option to automatically clear your clipboard after a specified amount of time. As long as you don’t open a new app right away, your copied text will be protected.
Avoid certain apps
If an app you love is on the current list of clipboard-reading offenders, you may want to temporarily stop using it until an update removing any coding or bugs behind their unwarranted snooping is released. If you don’t want to give up the app, stop using the copy and paste feature until the issue is resolved.
Copy decoy data
If you don’t want to give up apps or your clipboard, keep this tip in mind. After using the clipboard feature, copy decoy data to replace any sensitive text you had copied. For example, you can copy and paste a username or password but before opening another app, copy a random phrase from a random website. If an app does read your clipboard, it won’t come across any sensitive information.
Protect your privacy when using mobile apps
We’re still learning more about apps accessing clipboard content. The best case scenario is that these apps have no ill intent, data isn’t being stored, and you don’t have to worry about your privacy. But a worst case scenario could leave you vulnerable to serious cybercrime, including financial theft and even having your identity stolen.
Researchers hope that apps will be required to ask permission in the future before accessing clipboard text. But until then, remember that any data stored on your clipboard can be accessed without your knowledge. Use mobile apps and your clipboard with caution.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top