Avoid Copying to Clipboard on the iPhones | TechTree.com

Avoid Copying to Clipboard on the iPhones

Because there is a possibility that some apps can actually snoop into this data for detailed information about users


Apple has prided itself on data privacy by shouting out from billboards that in their ecosystem the data only belongs to the users. In fact, when the data privacy advocates were ganging up against rivals, Tim Cook’s team was taking the higher moral ground with their statements around the topic, even taking on governments over the legal aspects of unlocking devices.

They didn’t stop here. Apple appeared at the annual CES event in Las Vegas earlier this year, breaking a 28-year no-show with a cringe-worthy preach on data security and privacy. They took the “What happens on your phone, stays on your phone” like to the next levels by giving a discourse on how data security would look like in the years ahead.

Then again, they upgraded the iOS 13 to ensure that apps that were looking to identify a user’s location would be forced to take permission to do so, something that rival Google just announced as part of their own privacy policies. In other words, Apple has taken data privacy as its mantra at a time when tech giants are facing legal issues around it.

Amidst all this brouhaha over data privacy comes the news that the iPhone and iPad could facilitate snooping of data pasted on the system clipboard. Researchers at domain registry Mysk suggest that the data that users copy and paste on their clipboard could serve the need of some apps that are seeking to get detailed information.

"A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user's precise location. This can happen completely transparently and without user consent,” Mysk says in its blog.

The blog goes on to suggest that several apps made the headlines with links to organizations notorious for compromising user privacy. “Unfortunately, some of the apps were very popular in some countries. If such malicious apps relied on reading user location from photos left in the pasteboard as described in this article, enough data may have already been harvested to put people’s lives in danger.”

The company went on to offer several solutions to the problem, that includes adding a permission system for reading from the clipboard, allowing apps to only access it if the user actively performs a paste operation or removing location data from copied data.

And how did Apple react? “We submitted this article and source code to Apple on January 2, 2020. After analysing the submission, Apple informed us that they don’t see an issue with this vulnerability,” says the Mysk blog right up front.

TAGS: Apple, Privacy, Clipboard, Data Privacy, Location, Mysk