According to research by Tommy Mysk and Talal Haj Bakry several popular iOS apps are reading the contents of pasteboard or clipboard without the user consent.
The investigation reveals that popular Apps like TikTok, 8 Ball Pool™, and Hotels.com, read the contents of the clipboard every time a user opens the app. The report says that,
“Apps on iOS and iPadOS have unrestricted access to the system-wide general pasteboard, also referred to as the clipboard.”
The text or the content on the pasteboard may not be relevant, but it can be a highly sensitive data such as usernames, passwords, financial information, and more. Bakry and Mysk also investigated the potential security risks of this vulnerability previously in another investigation. According to that report, they found that “Precise location information was leaking through the system pasteboard.”
According to the findings of the investigation, several Apps belong to various categories that are accessing the data without user consent. The apps fall under categories such as News, games, social networking apps, and many others. Some of these apps are 8 Ball Pool, AMAZE, Fruit Ninja, TokTok, Zoosk, Viber, Hotels.com, Sky Ticket, and more. Apple should make some rules and take necessary actions for such apps.
