PSA: All Apps Can Read Your iPhone and Android Clipboard

Have you seen the news about TikTok? A new privacy feature in iOS 14 revealed that the Chinese social media app was constantly reading iPhone clipboards. But that’s nothing new. All apps can read your smartphone clipboard whenever they like.

We Just Learned What Apps Are Already Doing

What TikTok was doing wasn’t new. The only thing new is that Apple’s iOS 14 update now informs you when an application captures the contents of (pastes) from your clipboard.

Of course, after people noticed the company started getting bad press, TikTok claimed it didn’t store the data and rolled out an update to stop reading it. But, as Engadget points out, many other apps are doing the same thing—constantly reading data from your clipboard.

Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification

— Jeremy Burge (@jeremyburge) June 24, 2020

Why Do Smartphones Let Apps Read the Clipboard?

When you copy something to your clipboard, apps can read the contents of your clipboard without you manually selecting “Paste.” This is by design.

For example, when you copy a tracking number to your clipboard on iPhone or iPad and open a package-tracking app, it can recognize you have a tracking number and offer to add it automatically. When you copy a web address (URL) to your clipboard and open a browser, it can offer to automatically go to that address.

It’s just more convenient than forcing you to tap a “Paste” button whenever you want to move something to another app.

This applies to Apple’s iPhone and iPad as well as Android. Whichever smartphone operating system you’re using, apps can read your clipboard.

Your Copied Text Could Be Sent to a Remote Server

But, as TikTok demonstrated, apps can also just capture the contents of your clipboard in the background and do whatever they want with it. They might send the contents of your clipboard to a remote server.

We’re not accusing any apps of doing this—we’re just saying that it’s technically possible and there’s nothing stopping it in iOS or Android. Apps don’t have to ask for permission before reading your clipboard like they do before reading your contacts, photos, and location.

Copying Private Things Is Risky

Let’s say you use a password manager and you have to copy an online banking password or credit card number to paste in another app. If you leave that private information on your clipboard, other apps you use—like TikTok—can read your clipboard and see that data.

The same goes for other sensitive types of data, such as names and addresses or even private photos. Apps you open can see what’s on your clipboard.

The only way to really protect yourself after copying the data is to clear your clipboard by copying some other data. For example, you can highlight any word on any web page or in any app and select “Copy.”

Apple’s iOS and iPadOS, as well as Android, don’t remember a history of the items you’ve copied to your clipboard as Windows 10 can. They just see the current item on your clipboard, which is the last thing you copied.

This is why many password manager apps have an option to automatically clear the clipboard after a period of time. For example, 1Password for iPhone has a “Clear Clipboard” option under Settings > Security that will automatically clear things you copy after 90 seconds. Passwords and other private data won’t just lurk on your clipboard for hours. However, any app you use within the first 90 seconds could still read from your clipboard.

On a Desktop or Laptop, It’s Different—Kind Of

Technically, on a Windows PC or Mac, any app you use can also read your clipboard at any time.

However, on a traditional desktop system, you’re probably accessing many services through your web browser. Web apps can’t automatically read your clipboard without your permission—you have to manually paste on the website to provide the contents of your clipboard to the website.

On an iPhone, iPad, or Android device, you’re using many apps that would otherwise be websites. The Facebook website can’t monitor your clipboard, but the Facebook app on your phone certainly can.

Your Clipboard Isn’t As Private As You Think

Apple’s new copy-paste notifications in iOS 14 are a reminder of how much access the apps on our phones truly have. You won’t see the same stories about Android any time soon, but that’s only because Android doesn’t have a notification that tells you when apps are reading from your c clipboard in the background.

Ultimately, it’s a good reminder that you should be careful when copy-pasting private information—and also when installing and choosing to trust apps.

There’s no way to install an app for iPhone, iPad, or Android without also giving it permission to read from your clipboard.

All Rights Reserved for Chris Hoffman

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.