What you need to know
- Apps including TikTok can read your clipboard in iOS without permission.
- Two developers have used Xcode to analyze the behavior of 50 apps.
- It poses a massive risk of exposing private and personal data.
Two developers have revealed that apps in iOS 13.3 can read your iOS clipboard without permission.
According to the blog Mysk, two developers Tommy Mysk and Talal Haj Bakry have used Xcode to analyze the behavior of around 50 apps, with some startling results.
Your iOS/iPadOS clipboard, or pasteboard, is where information that you copy and paste is stored whilst you're using it. If you highlight anything on your iPhone or iPad, like text, a message from a friend, a password or a credit card number, it gets stored on your clipboard until you used it.
From the report:
We have explored popular and top apps available on the App Store and observed their behavior using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.
According to Mysk, who contacted iMore with additional information,
The exploit works with all data types such as text, photos, or PDF documents. Surprisingly, the apps we tested only chose to read text, but ignore other data types such as photos or PDF documents. In other words, all the apps we listed in our blog are only interested in reading text from the clipboard.
Apps named as guilty of this exploit include ABC News, CBS News, CNBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, TikTok and more.
The conclusion to the piece states:
Access to the pasteboard in iOS and iPadOS requires no app permission as of iOS 13.3. While the pasteboard provides the ease of sharing data between various apps, it poses a risk of exposing private and personal data to suspicious apps. We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.
You can read the full report, including a full list of guilty apps here.
Updated: This article has been updated to correctly report on how the exploit works, as explained to us by Tommy Mysk.
We may earn a commission for purchases using our links. Learn more.
Consumers spent $17 billion through the App Store in Q2 of 2020
According to a new report from App Annie, app usage and spending on the App Store has hit on all time high in the second quarter of 2020.
You can now use your GoPro Hero8 as a webcam on your Mac
Sick of dealing with the average-at-best camera in your Mac? No problem, GoPro has now released beta software that lets you use your Hero8 camera instead.
Apple's Back to School promo is now live in Europe, Asia, and more
Following its launch in the United States, the Apple Back to School promotion is now live in Europe, Asia, Mexico, and the Middle East with AirPods on offer.
Train insane with the best fitness trackers for triathletes
These fitness trackers are the cream of the crop when it comes to health and fitness tracking for triathlon training. Which tracker will you need? Here's what our research shows.