More and more of us (myself included) use a mobile device as our main personal computer. Aside from writing these columns, I have little need for a traditional computer with a keyboard so I end up using my phone or tablet most of the time and I imagine most of you do too. There are pros and cons to doing this. One obvious pro is the portability of a mobile device. I can take my tablet anywhere in the house and it’s never in the way. The cons are few, but they do exist.
We recently discovered that more than 50 apps (the number is likely much larger given the number of apps on the app store) on iOS have been snooping on the clipboard. Your clipboard is the thing that holds anything you copy so that you can paste it elsewhere. Think about a word or phrase you don’t know so you highlight it, copy it, and then open up a browser and paste it there to search for it. Once you’ve copied it, that word or phrase can be read by any app that decides it wants to read your clipboard.
An app shouldn’t know what’s on your clipboard until after you’ve explicitly pasted the contents into the app. You might not worry too much about a word or phrase, but what if it happened to be a password, or your banking information, or your bitcoin wallet address?
Malware does exist that monitors your clipboard for something resembling a bitcoin address and then replaces it with a different address. In doing so the user pastes the wrong destination address and ends up sending the bitcoin to a wallet that they didn’t intend to. Many people have lost thousands of dollars (one bitcoin is worth around $10 thousand right now) because of this devious trick. An app snooping on your clipboard is bad regardless of where it runs.
This snooping is made worse if you have multiple Apple devices and they are near each other. Apple created a feature called universal clipboard. This allows you to copy something on your iPhone and then paste it on your iPad or Mac if they’re close to each other. This means an app snooping on your clipboard on your iPhone could potentially see anything that’s copied on another Apple device nearby.
The most well known offender of this type of snooping is TikTok, a Chinese social media company that has more than 800 million installs and more than 104 million in the U.S. alone. But there are plenty of other offenders. Some of them don’t even have a text field so they’d have no reason to snoop on your clipboard.
The good news if you’re an iPhone or iPad user is that the newest version of iOS and iPadOS will let you know when an app snoops on your clipboard. Last week Apple announced new major versions of their operating systems. They will release to the general public later this fall, but developers can download the beta versions right now. In the newest version you’ll be alerted anytime you open an app and it automatically reads from your clipboard.
Happily, most of these apps are going to do nothing with the contents of your clipboard. I doubt The New York Times is reading your clipboard so that it can steal your banking information or passwords. But at the same time, an app like The New York Times has no business reading your clipboard.
I will take this opportunity to remind you that just because it’s in the app store doesn’t make it safe. You should carefully decide before downloading each app you put on your device.