iOS 14, Apple’s upcoming major update to the iPhone operating system, has a security feature that tells users if an app is copying the clipboard in the background without permission from the user. This may not sound like a big deal, but think about the times you have, say, copied a password from a password manager and pasted it into an app to access an account, or copied a credit card number and pasted it into a website to buy something. When you copy the info, it goes to the clipboard.
Since the developer beta release of iOS 14, it has been revealed that several apps have been copying data from the clipboard. Reddit, LinkedIn, TikTok, and many other apps are just a few that triggered the iOS 14 alert.
LinkedIn, Reddit, and TikTok announced that they will be updating their apps so that they will stop accessing the clipboard. LinkedIn and Reddit say it’s a bug, while TikTok says it was to monitor “spammy behavior.”
The security violation was discovered by Talal Haj Bakry and Tommy Mysk, and detailed in a report that originally posted in March. The report explains how in prior versions of iOS and iPadOS, apps are able to access the clipboard freely, and why this is a security risk. Bakry and Mysk’s report has a list of popular apps that were found to access the clipboard, and the list is frequently updated when a developer fixes the issue.
While it’s easy to think that apps that are copying clipboard contents are up to no good, it’s more likely that this is due to programming errors, as Daring Fireball’s John Gruber points out (Gruber calls it “sloppy programming”). If an app hasn’t been updated to fix this problem, you can remove the app from your device until the fix is available.