iOS 14 Clipboard Privacy Panic: The Dilemma of Privacy vs. Convenience

Why do so many iOS apps read your clipboard?

ℹ️ℹ️ℹ️ The following content is translated by OpenAI.


Photo by [Clint Patterson](https://unsplash.com/@cbpsc1?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText)

⚠️ Update on 2022/07/22: Upcoming Changes in iOS 16

Starting with iOS 16, when an app attempts to read the clipboard without the user actively pasting, a prompt asks for permission. Users must tap “Allow” before the app can access the clipboard contents.

[UIPasteBoard’s privacy change in iOS 16](https://sarunw.com/posts/uipasteboard-privacy-change-ios16/)

Issues

Top notification message when the clipboard is accessed by an app

Starting with iOS 14, users are notified when an app reads their clipboard. This has caused significant privacy panic, especially with apps from mainland China, which are already notorious. The media has amplified these reports, but it’s not just Chinese apps; many apps from the United States, Taiwan, Japan, and around the world have been revealed to do the same. So why do so many apps need to read the clipboard?

Google Search

Security

The clipboard may contain personal information, including passwords, such as those copied from password managers like 1Password or LastPass. If an app can read this information, it can also send it back to a server. It all depends on the developer’s integrity. If someone wants to investigate, they can use man-in-the-middle sniffing to monitor what data the app sends back to the server, including clipboard information.

Background

The Clipboard API has existed since iOS 3 in 2009, but starting with iOS 14, users receive prompts notifying them of clipboard access. Over the years, malicious apps could have already collected sufficient data.

Why

Why do so many apps, both domestic and international, read the clipboard upon opening?

Here, I want to clarify that I am referring to the situation when the app is opened, not when the app is actively using the clipboard. Reading the clipboard during app usage is typically related to specific functionalities, such as Google Maps automatically pasting a recently copied address. However, some apps may continuously steal clipboard information.

“A knife can be used to chop vegetables or to kill someone; it depends on what the user intends to do with it.”

The primary reason apps read the clipboard upon opening is to implement iOS Deferred Deep Link to enhance user experience, as shown in the flow above. When a product offers both a website and an app, we prefer users to install the app (as it increases engagement). Therefore, when users browse the website, we guide them to download the app, and we want the app to automatically open the page they were viewing when they left the website.

EX: When I browse the mobile version of PxHome in Safari -> see a product I like and want to buy -> PxHome wants to direct traffic to the app -> download the app -> open the app -> display the product I just saw on the website

If this is not done, users would have to either 1. return to the website and click again or 2. search for the product again within the app; either option increases the difficulty and hesitation in making a purchase, which may lead to them not buying at all!

From an operational perspective, knowing the source of successful installations is very helpful for marketing and advertising budget allocation.

Why use the clipboard? Are there alternative methods?

This is a cat-and-mouse game because Apple does not want developers to be able to reverse-track user sources. Before iOS 9, the method was to store information in web cookies, which apps would read after installation. After iOS 10, this method was blocked by Apple, leaving developers with no choice but to resort to the final tactic — “using the clipboard to transmit information.” With iOS 14, Apple introduced a new prompt to make developers uncomfortable.

Another route is to use Branch.io to record user profiles (IP, device information) and then read the information in a combined manner. This is theoretically feasible but requires a significant investment of manpower (involving backend, database, and app) to research and implement, and it may lead to misjudgments or collisions.

*On Android, Google has always supported this functionality, without the roundabout methods required on iOS.

Affected Apps

Many app developers may not even realize they have clipboard privacy issues because Google’s Firebase Dynamic Links service also uses the same principle:

```objc
// Reason for this string to ensure that only FDL links, copied to clipboard by AppPreview Page
// JavaScript code, are recognized and used in copy-unique-match process. If user copied FDL to
// clipboard by himself, that link must not be used in copy-unique-match process.
// This constant must be kept in sync with constant in the server version at
// durabledeeplink/click/ios/click_page.js
```

Therefore, any app using Google Firebase Dynamic Links service may be affected by clipboard privacy issues!

Personal Opinion

There are indeed security issues, but it ultimately comes down to trust: trusting developers to do the right thing. If developers want to do harm, there are many other ways to do so, such as stealing credit card information or recording real passwords, which are much more effective than this.

The purpose of the prompt is to make users aware of when the clipboard is being accessed. If it seems unreasonable, they should be cautious!

Reader Questions

Q: “TikTok’s response to accessing the clipboard is to detect spam behavior.” Is this statement correct?

A: Personally, I believe it’s just an excuse to deflect public opinion. TikTok’s intention seems to be “to prevent users from copying and pasting advertising messages everywhere”; however, they could block and filter at the time of message input completion or when sending the message, without needing to constantly monitor the user’s clipboard! Should they also monitor if the clipboard contains advertisements or “sensitive” information? I haven’t pasted anything to publish it.

What Developers Can Do

If you don’t have a spare device to upgrade to iOS 14 for testing, you can download Xcode 12 from Apple and test in the simulator.

Everything is still quite new. If you are using Firebase, you can refer to Firebase-iOS-SDK/Issue #5893 to update to the latest SDK.

If you are implementing DeepLink yourself, you can refer to the modifications in Firebase-iOS-SDK #PR 5905:

Swift:

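```swift
import UIKit

var pasteboardContents: String?
if #available(iOS 10.0, *) {
    // hasURLs checks the content type only; the value is read just when a URL is present.
    if UIPasteboard.general.hasURLs {
        pasteboardContents = UIPasteboard.general.string
    }
} else {
    // Before iOS 10 there is no type check, so read the value directly.
    pasteboardContents = UIPasteboard.general.string
}
```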

Objective-C:

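```objc
#import <UIKit/UIKit.h>

// The function name is illustrative; the original snippet showed only the body.
static NSString *ReadPasteboardContents(void) {
  NSString *pasteboardContents = nil;
  if (@available(iOS 10.0, *)) {
    // hasURLs checks the content type only; the value is read just when a URL is present.
    if ([[UIPasteboard generalPasteboard] hasURLs]) {
      pasteboardContents = [UIPasteboard generalPasteboard].string;
    }
  } else {
    // Before iOS 10 there is no type check, so read the value directly.
    pasteboardContents = [UIPasteboard generalPasteboard].string;
  }
  return pasteboardContents;
}
```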

Check if the clipboard content is a URL (since the content copied from the web is usually a URL with parameters) before reading it, so that the clipboard access prompt does not appear every time the app is opened.

For now, this is the only way; the prompt will still appear, but it will be more focused.

Additionally, Apple has introduced a new API: DetectPattern, which helps developers more accurately determine if the clipboard information is what they need before reading it and triggering the prompt, allowing users to feel more secure while developers can continue to use this functionality.

DetectPattern is still in Beta and can only be implemented in Objective-C.
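
One way to gate the deferred-deep-link read behind pattern detection and then validate what was read, as an added example (not code from the original post or from the Firebase SDK). The host `www.example.com`, the `deferred_link` query parameter and both function names are assumptions, and a deployment target of iOS 10 or later is assumed so that `hasURLs` is available.

```objc
#import <UIKit/UIKit.h>

// Hypothetical values for this example: the site's own host and the query
// parameter its web page adds before copying the link to the clipboard.
static NSString *const kExpectedHost = @"www.example.com";
static NSString *const kMarkerParam = @"deferred_link";

// Treat clipboard text as untrusted input: accept it only when it is an
// https link on our own host that carries the marker parameter.
static NSURL *ValidatedDeepLink(NSString *candidate) {
  NSURLComponents *parts = [NSURLComponents componentsWithString:candidate ?: @""];
  if (![parts.scheme.lowercaseString isEqualToString:@"https"]) return nil;
  if (![parts.host.lowercaseString isEqualToString:kExpectedHost]) return nil;
  for (NSURLQueryItem *item in parts.queryItems) {
    if ([item.name isEqualToString:kMarkerParam]) return parts.URL;
  }
  return nil;
}

// Call once, on first launch after install. completion receives nil when
// nothing usable is on the clipboard.
static void ReadDeferredDeepLink(void (^completion)(NSURL *link)) {
  UIPasteboard *pasteboard = [UIPasteboard generalPasteboard];
  if (@available(iOS 14.0, *)) {
    NSSet<UIPasteboardDetectionPattern> *wanted =
        [NSSet setWithObject:UIPasteboardDetectionPatternProbableWebURL];
    // Pattern detection inspects the content without handing it to the app,
    // so it does not show the clipboard banner.
    [pasteboard detectPatternsForPatterns:wanted
                        completionHandler:^(NSSet<UIPasteboardDetectionPattern> *found,
                                            NSError *error) {
      NSURL *link = nil;
      if (error == nil && [found containsObject:UIPasteboardDetectionPatternProbableWebURL]) {
        // Only this read shows the banner, and only when a URL is likely present.
        link = ValidatedDeepLink(pasteboard.string);
      }
      dispatch_async(dispatch_get_main_queue(), ^{ completion(link); });
    }];
    return;
  }
  // Before iOS 14: fall back to the hasURLs type check shown earlier.
  NSURL *link = pasteboard.hasURLs ? ValidatedDeepLink(pasteboard.string) : nil;
  completion(link);
}
```

Anything that fails validation is dropped immediately rather than stored or sent to a server, so a password or other unrelated text on the clipboard never leaves the function.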

Or…

  • Switch to Branch.io
  • Implement the principles of Branch.io yourself
  • Have the app display a custom alert to inform users before reading the clipboard (to reassure users)
  • Add new privacy terms
  • Use the latest iOS 14 App Clips? Direct users from the web to lightweight App Clips for deeper engagement with the app

If you have any questions or feedback, feel free to contact me.


This article was first published on Medium.

This post is licensed under CC BY 4.0 by the author.