Did you know that all the apps on your iPhone and iPad can snoop on whatever you copy to the system clipboard (called pasteboard on iOS)? A new security demo by researchers at Mysk shows how this could be used by apps to get detailed information about the user.
Must read: DOOGEE S68 Pro: One tough Android smartphone
Here’s one way that any app installed could grab details about a user.
“A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user’s precise location. This can happen completely transparently and without user consent.”
Because Apple has adopted a universal clipboard that shared clipboard between devices, this means that shady iOS apps could get access to the Mac pasteboard too.
Mysk offered a number of solutions to this issue, from adding a permission system for reading from the pasteboard, only allowing apps to access the pasteboard if the user actively performs a paste operation, or stripping the location information from copied photos.
Does Apple see this as a problem? Mysk submitted this issue to Apple at the beginning of the year, but were told that it wasn’t an issue.
What do you think? A potential privacy problem, or a non-issue?
See also:
