iPhone and iPad Apps Can Snoop on Clipboard Data without User Permission

Apple iOS 13

Even though Apple’s mobile operating system is considered to be one of the safest, there are still a few areas where it can be improved in terms of user data protection and privacy. The clipboard’s data can be snooped upon by apps and widgets.

Apple uses a shared clipboard for all its platforms, including iOS and iPadOS. It has now been studied that almost any app and widget can snoop on the data copied to the system clipboard (which Apple calls as Pasteboard) of an iOS or iPadOS device. This information can be misused in various ways.

According to research that was recently published by Mysk, both apps and widgets can silently acquire data from the clipboard. This data can reveal a lot of information about a user, thereby affecting their personal information and privacy. For example, a user may copy an image captured by the iPhone, and an app can copy the image from the clipboard and then extract the location from GPS coordinates embedded into the file.

Since Apple has universal clipboard syncing functionality between macOS and iOS as well as iPadOS platforms, the information copied from Macs can also be accessed by mobile apps. The information such as a user’s location, passwords, one-time passwords, bank account numbers, messages, and more can be easily used by misbehaving apps without any consent from the user.

This privacy concern is quite alarming, but Mysk has offered a solution to this problem. The Cupertino-based tech firm can create a permission system to access information from the clipboard. Moreover, apps should only be able to access clipboard data when a user performs the paste function. GPS coordinates from the images can also be stripped by the OS when they are copied to the clipboard.

The researchers had submitted this security concern to Apple, but the company reportedly told them that it doesn’t see it as an issue.

[Source: Mysk]