iOS Copy-Paste Data Vulnerable to Snooping by Other Apps, Researchers Claim

Researchers claim that apps on iPhones have unrestricted access to the general pasteboard that can reveal personal information.

Share on Facebook Tweet Snapchat Share Reddit Comment
iOS Copy-Paste Data Vulnerable to Snooping by Other Apps, Researchers Claim

Photo of iPhone used for representational purpose

  • Copy-pasted information on iPhones are allegedly vulnerable
  • Researchers claim this info can be accessed without permission
  • Apple in reply said issue not vulnerable

When it comes to data privacy and security, Apple has rarely shied away from taking credit for its encryption and security. Even in the tech industry, analysts have time to time lauded the company for its relatively secure operating system when compared to its immediate competitors. But now an alleged flaw in its ecosystem, exposed by two researchers, may allow personal data in Apple's iPad and iPhone devices to be intercepted.

According to Talal Haj Bakry and Tommy Mysk, when a user copies any miscellaneous data, it gets stored on Apple's general pasteboard (commonly known as clipboard). This data temporarily stored to the device's memory can be accessed by all apps, thereby, risks revealing private information such as a user's GPS coordinates, passwords and banking details.

"iOS and iPad operating system apps have unrestricted access to the system-wide general pasteboard," the duo noted in a post published on Monday. They added saying, "A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties." 

To illustrate how one can access information, Mysk and Bakry published a video on their blog in which the researchers created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget to show how data saved in general pasteboard gets accessed by apps. You can watch the video here:

Bakry and Mysk further reclaimed in their post that they first submitted this article and source code to Apple on January 2, 2020. "After analysing the submission, Apple informed us that [it doesn't] see an issue with this vulnerability," they said. In their research, it was also mentioned that going by Apple's policies, "iOS and iPad operating system are designed to allow apps to read the pasteboard only when apps are active in the foreground". The researchers cautioned that these apps can always access when an app widget is added to Apple's Today View.

In the concluding section of their post, the duo suggested that Apple should not have “unrestricted access to the pasteboard without user's consent," adding, "Alternatively, the operating system can only expose the content of the pasteboard to an app when the user actively performs a paste operation."


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Abhik Sengupta When not at work, Abhik is planning his next trip to the hills. He can endlessly talk about films, politics, and Danish Hygge, especially over chai. More
Honor Magic Earbuds With Hybrid Active Noise Cancellation Tech, Touch Gesture Support Launched
$8 to Share Bank Balance: Study Puts Monetary Values to Online Data, Privacy

Related Stories




© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on