What you need to know
- Apps including TikTok can read your clipboard in iOS without permission.
- Two developers have used Xcode to analyze the behavior of 50 apps.
- It poses a massive risk of exposing private and personal data.
Two developers have revealed that apps in iOS 13.3 can read your iOS clipboard without permission.
According to the blog Mysk, two developers Tommy Mysk and Talal Haj Bakry have used Xcode to analyze the behavior of around 50 apps, with some startling results.
Your iOS/iPadOS clipboard, or pasteboard, is where information that you copy and paste is stored whilst you're using it. If you highlight anything on your iPhone or iPad, like text, a message from a friend, a password or a credit card number, it gets stored on your clipboard until you used it.
From the report:
We have explored popular and top apps available on the App Store and observed their behavior using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.
According to Mysk, who contacted iMore with additional information,
The exploit works with all data types such as text, photos, or PDF documents. Surprisingly, the apps we tested only chose to read text, but ignore other data types such as photos or PDF documents. In other words, all the apps we listed in our blog are only interested in reading text from the clipboard.
Apps named as guilty of this exploit include ABC News, CBS News, CNBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, TikTok and more.
The conclusion to the piece states:
Access to the pasteboard in iOS and iPadOS requires no app permission as of iOS 13.3. While the pasteboard provides the ease of sharing data between various apps, it poses a risk of exposing private and personal data to suspicious apps. We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.
You can read the full report, including a full list of guilty apps here.
Updated: This article has been updated to correctly report on how the exploit works, as explained to us by Tommy Mysk.
Apple celebrates 15 'App Store Best Of 2020' winners
Apple has announced 15 App Store Best Of 2020 awards winners including some names you'll know and some you might not.
Unread 2.4 brings improved widgets and a re-worked interface
RSS is far from dead and Unread is one of the best ways to read your feeds. Unread 2.4 makes it even better!
Meet Addy and Michael in the latest 'Stillwater' Apple TV+ trailer
The wise panda is always helping his friends and this trailer is all about them.
Your Mac holds your digital life, so make sure to back it up!
One of the most important things you should be doing with your Mac is backing up all of its data. Here are some of our favorite solutions for backing up your most important files, should anything ever happen.