New iOS 14 feature shows just how many apps are snooping on your clipboard
A new feature in iOS 14 developer beta 1 has some users taken by surprise. The feature alerts the user every time an app access the clipboard for whatever reason, and let's just say there are way too many apps today that are accessing your clipboard for seemingly no reason at all.
If you are running iOS 14 developer beta 1 and copy an item to your clipboard then the OS will show a pop-up notification at the top of the screen informing you whenever an app has accessed the data in your clipboard. The video below demonstrates this in action. Make sure you watch it in fullscreen so you see the top of the video where the notifications appear.
The user in this video copied an image from iMessage and then opened a series of apps. In each case, iOS showed a notification at the top where it informed the user that the app they opened accessed the clipboard data from iMessage.
The apps here are all unrelated and from various categories but they all seem to have one thing in common, they all access the clipboard data. It's hard to say if these apps were randomly chosen or because these were the only apps on the user's device that accessed the clipboard data.
Now, before the panic sets in, it's worth pointing out that apps often need access to the clipboard for various reasons. Chrome, for example, will check your clipboard if it has a URL, which it will then suggest when you tap on the address bar. Popular Reddit app Apollo (not shown here) will check your clipboard if you have a reddit link pasted there, and then ask you if you want to open that link inside Apollo.
Christian Selig, the developer of Apollo, even took to Reddit to explain why his app needs access to the clipboard and how it exactly works. According to Selig,
It's literally just like "Hey iOS, is there a URL on the clipboard? Oh there is, is it a Reddit one? Okay cool let me ask them if they want to open it." Obviously at no point does anything else happen like it leaving the device or anything. It'll show this banner even if there's not a Reddit URL because it needs to check the URL to see if it's a Reddit URL in the first place. Schrodinger's Reddit URL. But the clipboard API (prior to iOS 14) was very open, as someone else said, what if medical records were on your clipboard as text? Well in Apollo's case, that doesn't qualify it as a URL, so it wouldn't even "look".
Selig admits that just because his app doesn't misuse the clipboard data, doesn't mean that other apps wouldn't. He also admits that even in his case we just have to take his word for it.
The good thing is that this rather scary looking notification will cause developers to block their apps entirely from accessing the clipboard if it doesn't need it, just to prevent that pop-up from appearing. And for apps that do require it, developers would now have to explain just why they need access to clipboard.
It's important to note that Apple isn't blocking access to clipboard by default here, the way it does for things like camera, microphone, or location. That would probably break a lot of apps instantly. Instead it has chosen to alert the user that their data might be getting read by other apps so they can be more careful with it. And if it causes users and developers to adopt better practices, it's still a win in the end.
This is still the first beta so this feature could go through some changes or might not even make it to the final build. We will just have to wait and see how this one plays out.
P.S. This is not an iOS issue. It's common behavior for applications on all platforms and why password managers auto-clear your clipboard after a set amount of time.
Reader comments
- Anonymous
- 27 Jun 2020
- XRg
You can't do these on jailbroken iPhone as even a non rooted Android offers more than a jailbroken iPhone
- Blackk Mamba
- 27 Jun 2020
- XRg
OS Level blocking can only be done on Rooted Android. You can do these on jailbroken iPhone as even a non rooted Android offers more than a jailbroken iPhone.
- RejZoR
- 26 Jun 2020
- M}3
Ok, so it shows it's capturing clipboard. But can this behavior be blocked on OS level? Notification is of no use really if you don't have control over the actual content being pasted around.