Study finds that popular iOS apps wanting to read the Pasteboard
Earlier, Apple opened the system clipboard read permission to all developers, and all applications can use this permission to read the system clipboard content without restriction.
Under normal circumstances, there may not be any security risks when the clipboard is read. However, sometimes we may read key information such as passwords through the clipboard.
Sometimes, financial information such as bank card account security codes is also copied. If the account password financial information is also read by a third-party application, it is definitely not a good thing.
Unfortunately, even if it’s not a good thing, users can’t solve this problem, because Apple doesn’t provide the clipboard permission configuration so that all applications can be read the Pasteboard freely.
A few days ago, security experts investigated and analyzed the security issues of the clipboard, and the analysis showed that many popular applications read the contents of the system clipboard.
Most importantly, these applications may also be read while running in the background, so the contents of the clipboard may be leaked even if the user does not this app.
If the user happens to copy financial information such as passwords or bank card account numbers and passwords, obviously such critical information will also be read by these third-party applications.
Although not all applications upload the server after reading the contents of the clipboard, users who do not have a good intention and like to track will save the user’s clipboard record.
Over time, these applications can analyze and portrait users based on the content that users copy and paste on a daily basis, and even determine the user’s geographic location.
Analysis by security experts also revealed that many applications do not actually need to use the copy and paste function, but they still read the contents of the clipboard continuously.
Even if security experts think this is a very high-security risk, there is no way to solve it, because Apple grants all developers read the clipboard permissions and is unlimited. Users can only be advised not to copy passwords.
