A new demo from researchers at Mysk shines a light on the free, unrestricted access all apps have to the iOS clipboard.
In the video, the developers create a dummy app that simply prints out the information gleaned from the clipboard. When the user copies an image, the app can immediately see the image content and its metadata, such as the location where the photo was taken. This becomes a little more sinister when the demo shows that installed widgets can also silently collect all data copied to the clipboard, without the user's knowledge.
What is shown in this video is nothing fundamentally revelatory, but it is a nice reminder that all sandboxes have escape hatches.
After all, the clipboard is designed to be silently readable by any app. Many apps make features out of this fact; for instance, when you copy an image to the clipboard, a social media app can detect it and offer to attach it to the message in the compose window. Similarly, if you copy a Reddit link and open Apollo, Apollo can read the URL from the clipboard and automatically navigate to the destination in the app.
However, it is certainly true that a nefarious app could surreptitiously acquire some personal data in this way. It’s a good reminder that anything that you copy and paste could be read and saved by any app on the system, including things like Today view widgets, without your knowledge.
No well-behaved app is going to do this, but there’s no system indicator that the clipboard has been read, so you can’t know if it is happening. Thanks to Universal Clipboard, it is also possible for an iOS app to read potentially sensitive content copied on the Mac.
Mysk said they reported the state of play to Apple; the company said they do not deem it a security risk. The feature is certainly working as designed, so there’s no bug here.
There is an argument that perhaps Apple should offer toggles in iOS Privacy settings for allowing apps access to the clipboard, like what already exists for system services like Location, Contacts, Bluetooth, and more. Whereas the user has to explicitly open an app to give it a chance to access the pasteboard contents, iPadOS widgets simply sit on the home screen, so it probably makes sense for iOS to enforce tighter controls on widgets specifically.