While this might seem obvious once you actually take a moment to think about it, any app running on your iPhone, iPad, or iPod touch can read whatever you put on your clipboard. Since the very purpose of the iPhone clipboard is to share data between apps, it’s a necessary function of iOS, but what many users aren’t really aware of is that apps can silently read whatever you have sitting on your clipboard—without your permission or even knowledge.
This can create some pretty serious privacy and security risks if you’re not careful about what apps you’re using, as a new analysis from security researchers at Mysk has demonstrated. The report, shared by 9to5Mac, reveals exactly how much access apps have to what’s on your system clipboard, and what they can actually do with this information.
In fact, the crux of the report by Mysk was to show how precise location information can be leaked simply by copying a photo to the clipboard and then opening an app that could read the embedded EXIF location data and use it to build a location tracking database.
iOS and iPadOS apps have unrestricted access to the systemwide general pasteboard. A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard.
This is something that’s especially concerning considering the aggressive location tracking that many app developers and marketing companies have been caught engaging in, not to mention that as Apple adds new location privacy features that hamper their efforts, they’re going to turn to other methods to collect this data more surreptitiously.
As is the norm with most system clipboards, anything you copy remains on the clipboard until it’s replaced by something else—even after you’ve pasted it into the target app. So in other words, if you start in the Photos app and grab a picture to paste into a messaging chat, it will still be on your clipboard if you later decide to play a game, and there’s no technical limitation that prevents even something as seemingly innocuous as a game from siphoning data from your clipboard and sending it to a server somewhere.
How It Works
The researchers at Mysk developed a sample iOS app named KlipboardSpy to illustrate exactly how this works. When opened, the app simply displays whatever is on the clipboard, including the metadata information when something like a photo is detected. The app isn’t available on the App Store, but the developers shared a video of it in action.
What’s more significant here is that any widget on the Today screen can also silently read any data on the clipboard, regardless of whether the user opens the associated app or not.
With Apple’s Continuity features, a user’s macOS clipboard can also be read by an iOS app in the same manner, and it’s worth noting that silent clipboard access isn’t limited to just reading the clipboard—apps can potentially add or change data on the clipboard as well, and although this seems to have a much lower risk of being exploited for nefarious purposes, the team at Mysk does point out how it could be used to do things like replacing IBAN numbers to misdirect banking transfers.
How Serious Is This?
Since apps would have to be deliberately crafted to do this, most of the apps that you’re running aren’t likely pulling data from your clipboard without your permission, but at the same time, as we’ve seen from other recent reports, many developers don’t even know how much data their apps are sharing, since they often use third-party advertising and analytics SDKs.
This is why some apps like 1Password actually offer the option to explicitly clear any data they put onto your clipboard after a few seconds—a useful security feature for an app that’s designed to store your passwords and let you paste them into apps and websites.
To be clear, this also only refers to data that is specifically added to the clipboard by using the iOS-level “Copy” command. Most users share photos using the standard iOS Share Sheet or by using photo pickers in the apps themselves, neither of which place the photo on your clipboard. Similarly, using the password autofill in Safari also bypasses the system clipboard.
What Apple Could Do About It
Apple told the Mysk team that it doesn’t “see an issue with this vulnerability,” so it’s unlikely to be fixed any time soon. While the researchers suggest that Apple should at the very least present a visual indication when clipboard data is accessed, Apple clearly considers the ability for apps to silently read the clipboard to be a useful feature, and in many cases it is. For example, an app like Pocket or Pinterest can automatically detect a link that’s on your clipboard and offer to save or share it as soon as you open the app.
That said, just because Apple doesn’t consider this a “bug” doesn’t mean that they might not address it in some other way. With all of the other privacy controls found in iOS, it stands to reason that Apple should at least require that apps request permission to access the system clipboard on first run—much like they need to do to access Photos or Contacts. While this might not help with apps that have a legitimate need to access the clipboard, since you’re likely to give these permission anyway, it should raise a red flag if something like Candy Crush requests access to your system clipboard as soon as it starts up.
What You Can Do About This
Much of the data you put on your clipboard isn’t likely all that private, and even things that are, like passwords, wouldn’t have any context to indicate the matching username or even what site or service they’re for, so there’s a limit to how much useful information can be gleaned from this method, but location data definitely seems to be high on the list.
If you are using the clipboard to share photos between apps, it’s usually easy enough to switch to an alternative way of doing this, which would avoid exposing location data from your photos to anything that does want to try and siphon data from your clipboard without your permission.
If you really must use the clipboard, however, the good news is that iOS 13 lets you strip the location information out of a photo before copying it. Here’s how:
- Open the Photos app
- Select the photo(s) you wish to share
- Tap the “Share” button in the bottom left corner
- At the top of the share sheet, where it says “X Items Selected,” tap the Options button.
- On the next screen that appears, tap the switch beside “Location” to turn it off.
- Tap “Done.”
- Tap “Copy Photo.”
This can actually be used when sharing photos using any method, and it’s probably a good practice to follow since even services like Facebook, which remove location data from your photos before posting them, can still keep a copy of that data for their own records. Turning off the location from the iOS Share Sheet ensures that it never leaves the Photos app in the first place.
As for other data you might be placing on your clipboard, your best bet is to just be careful about which apps you’re using, and make a habit of clearing anything confidential from your clipboard by copying something else onto it as soon as you’re done copying it to its destination, and otherwise avoid using the clipboard in those situations where alternatives such as the iOS Share Sheet and Safari’s password autofill are available instead.