Any iOS app can silently read sensitive information from the clipboard, even if the app does not include copy and paste functionality This opens the door for snooping apps to retrieve information (such as your location) regardless of that app's permissions
This warning comes from Mysk (via 9to5mac), a security company that has developed both an app and a widget that can silently access anything you copy on iOS
Mysk's app is called KlipboardSpy and works by constantly monitoring and analyzing the contents of the iOS clipboard If you copy an image, for example, it retrieves its metadata and digs for location information that will pinpoint exactly where you took it (and potentially where you are at any given time) As soon as you open the app, KlipboardSpy tells you about all the information it can find
For widgets, as long as the widget is active (like the iPad home screen), it will access and analyze the clipboard data
The clipboard feature in iOS is very simple because it is designed this way
Mysk's apps and widgets notify the user of their actions and work like any other iOS app; like KlipboardSpy, many apps constantly monitor the clipboard and provide additional functionality When an app is opened or has an active widget, it can prompt an action based on what has been copied This happens because these apps read the clipboard contents in the background
But if this happens intentionally, is it really a risk?
After receiving a report from Mysk, Apple denied any potential threat The company claimed that the clipboard is supposed to work this way in macOS as well as iOS
However, there are claims that unfettered access to the clipboard fundamentally affects the security of the entire system and your privacy Passwords, location data, images, and other copied data can be easily and silently shared by unauthorized apps and widgets without the user being aware of it
Plenty of apps have circumvented Apple's security filters time and again The same can be said about Google and its flawed play protections
So if an app can pass Apple's and Google's security systems, why should we assume that free access to the clipboard is okay?
Apple already requires users to give apps permission to access location data and other data, and an open clipboard is a clear path to access location data without any restrictions The same can be said for sensitive information that could be copied
There seems to be a good case for specific user permissions to access the clipboard, just as there is for granting access to location data, microphone, camera, photos, and stored files We have become so accustomed to having this feature always on that it may seem like a hassle, but on second thought, many apps should not require clipboard access at all
There is no reason not to add user permissions to app clipboard access It would just be an operating system with an added layer of security and privacy That is always a good thing
Comments