There have been a few issues with the way companies have been handling their iOS clipboards and unintentionally copying data that they shouldn’t have. This comes as a beta version of iOS 14, which sends an alert when an app tries to copy clipboard information, is informing people when sites are trying to copy too much of said clipboard information.
So far, TikTok, Reddit and LinkedIn have all being caught with this questionable behaviour that is leading them to start issuing damage control statements of fixing these security flaws as soon as possible. Apart from TikTok who has claimed this behaviour was part of an anti-spam feature, it’s not clear why this functionality existed in the other apps in the first place, with Linkedin going so far as to simply describe it as a bug that needs to be addressed.
While its great to see prompt response in fixing up these security gaps, it’s concerning that they have been doing it for so long and even if the companies all claim that clipboard information was never stored or saved. As for Apple, outside of warning people of this action, it’s not clear if they’re going to better manage this information themselves as well to prevent other companies from even being able to do this in the first place.
Fixes from all these apps are expected in the coming week, though there could easily be more apps identified in the near future given how the beta is only in use by a small subset of people for now. If you are an iOS user, it might be best to regularly delete your clipboard for the time being to ensure no one inadvertently has access to something you may not want them to see. And please don’t try and copy your usernames and passwords from there too.
Last Updated: July 6, 2020
July 6, 2020 at 22:39
As a senior developer (and for a specific project the main developer so the owner of the code – in my own capacity) I can tell you this: NOTHING (except for a few other things I’ve worked specifically wanting access the clipboard for very good reason) requires access to anything (not withstanding the clipboard).
To be more clear: some apps may need access to your camera, GPS, pictures data (both of which i’m working on), the camera or some other stuff but that is fine as long as it’s for the right thing and the end user acknowledges that as part of the terms of service.