Did you know that all the apps on your iPhone and iPad can snoop on whatever you copy to the system clipboard (called pasteboard on iOS)? A new security demo by researchers at Mysk shows how this could be used by apps to get detailed information about the user.
Must read: DOOGEE S68 Pro: One tough Android smartphone
Here’s one way that any app installed could grab details about a user.
“A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user’s precise location. This can happen completely transparently and without user consent.”
Because Apple has adopted universal clipboard that shared clipboard between devices, this means that shady iOS apps could get access to the Mac pasteboard too.
Mysk offered a number of solutions to this issue, from adding a permission system for reading from the pasteboard, only allowing apps to access the pasteboard if the user actively performs a paste operation, or stripping the location information from copied photos.
Does Apple see this as a problem? Mysk submitted this issue to Apple at the beginning of the year, but were told that it wasn’t an issue.
What do you think? A potential privacy problem, or a non-issue?