Many popular apps on your phone, such as Voot, Truecaller, and PhonePe are snooping on your phone's clipboard, where anything that you've copied (to paste) is stored temporarily. This could potentially include highly sensitive information including passwords. This came to light thanks to a new feature in the iOS 14 Developer Beta that alerts users when an app is using the device clipboard. Because of this feature, an alert user realised that the popular video-sharing social network TikTok was checking the clipboard every time something was being typed. However, it's not just TikTok that's carrying out such behaviour.
Gadgets 360 tested 60 different apps to see which are snooping on your clipboard data. What we found is that many of these apps were doing the same thing, with as little explanation to the end-users. Gadgets 360 has reached out to the companies involved to try and learn more about how the information collected is used by them.
Accessing the clipboard isn't a problem in itself. For example, apps such as Google Chrome and Google app need access to the clipboard for their paste and go feature to work. However, not every app has similar requirements, and it's important that the ways in which our data is being used by companies are made more transparent so that people can more safely choose which apps to use or avoid, and what data to share or withhold.
Gadgets 360 tested out 60 popular apps across various categories, and this is what we found. Starting with some of the popular apps that we found were accessing the clipboard on our iPhone running iOS 14 Developer Beta include — Truecaller, AccuWeather, Fruit Ninja, Call of Duty Mobile, Reuters, AliExpress Shopping App, Photo Lab, Chingari, Zee5, Voot, Nykaa, Ajio, Discord, Google News, Google Meet, BHIM and PhonePe. While many of these will have good reasons to access this information, unless this is clearly communicated to the end-users, we must ask why games, news apps, or shopping apps require such information?
"It was recently brought to our attention that iOS 14 highlights that Truecaller is accessing the device clipboard. We wish to clarify that this is by design," Truecaller said in response to questions. "Truecaller accesses the clipboard to let you copy a number from a website, email, SMS or your call log and paste into Truecaller to find out who's number it is. We look at the clipboard only on the device (nothing is sent to our servers), and if we don't find a phone number in the clipboard data, we fully discard the clipboard data.”
"If we do find a phone number, we first ask the user if they want to search for this number on Truecaller and only then is a search carried out," the company added. It's safe to say that many of the other apps on this list also access the Clipboard to enable similar functionalities, however, the fact that this is not made explicit is concerning, as you could have last copied something personal, that is now being accessed by an app that has nothing to do with it.
But another problem, that a developer who asked not to be named explained, is that many times, this could be happening due to the presence of a third party framework, which the developers of the app you're using chose to deploy to enable functionality without fully knowing what all is being done. This is how a fintech company distributed its code through unrelated apps in order to gather user data to build credit ratings.
In fact, PhonePe highlighted something similar in its response to our questions. "The Clipboard access that is being highlighted is because of the Google Firebase Dynamic Links SDK that we use," a company spokesperson said, adding, "This open-source SDK is fairly popular and is used by a lot of apps. PhonePe itself does not directly use the clipboard information of the user in any way. As highlighted in the Firebase Github, this issue is being tracked by them to fix."
These questions are particularly worth asking because out of the 60 apps we tested, many others from similar categories did not access the clipboard. That list of apps that did not access the clipboard includes: Paytm, Zoom, YouTube, Spotify, Aarogya Setu, Instagram, Facebook, TikTok, Messenger, Google Pay, LazyPay, Simpl, Telegram, Snapchat, ShareIt, Netflix, Amazon Prime Video, Airtel Thanks, My Jio, Google Drive, OLX, Microsoft Teams, CamScanner, Asphalt 9: Legends, Angry Bird 2, Candy Crush, MPL, Subway Surfers, Ludo King, Ola, Uber, Zomato, Swiggy, Rave, VLC, Koovs, Flipkart, Amazon Shopping, MMT and Oyo.
WWDC 2020 had a lot of exciting announcements from Apple, but which are the best iOS 14 features for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.