Apple has added a new banner alert to iOS 14 that lets users know if an app is pasting from the clipboard and therefore able to read the clipboard’s contents. This is part of iOS 14’s privacy controls, and follows an investigation from Mysk earlier this year that drew attention to the issue.
In the current iOS beta seed, this alert appears anytime a paste operation happens. This sounds fine in principle. However, many popular apps check the clipboard proactively to do some smart action. For instance, the Reddit client Apollo checks the clipboard to see if the user has copied a Reddit link, and offer to take them right to it in the app. This means that the banner appears every time the app is launched…
Some ad networks that are used in apps do actually spy on the clipboard for tracking reasons, and iOS 14 can now make you aware that that is going on. iOS 14 bringing attention to it will also shame many of these analytics packages into removing clipboard snooping behaviors.
In the majority of cases though, nothing untoward is occurring. Most apps accessing the clipboard autonomously are trying to be helpful, like with Apollo. Another example is when browser apps like Google Chrome check the clipboard when you go to the URL field to offer a “Paste and Go” option. Many text editing apps automatically pre-fill a blank document with the clipboard’s contents, if the clipboard holds a string of text.
So many banners appearing from the top of the screen can get annoying fast, and there’s no way to turn them off (unlike other privacy permissions like Bluetooth access where an alert dialog is shown only once).
However, the good news is that Apple has improved the iOS 14 pasteboard APIs to help reduce the amount of times a clipboard paste notification is displayed.
In previous iOS releases, the only way for an app to know what kind of textual information was on the clipboard was to copy it out and check after it has been accessed. You can ask ‘is it a string of text’ so apps can defensively test if they are only interested in strings and not images, for example, but you could never know what that text represents.
Remember, any access triggers the banner alert. This is where the new API comes in.
When updated to use this new facility, an app can query the clipboard for the kind of textual data it contains… without actually getting access to it. An app can know upfront if the clipboard contains a URL or a web search, for instance.
What this means is the Apollo app can ask the system if the clipboard contains text that looks like a URL. If it does, then Apollo can copy the contents and switch to the appropriate page in the app. This will trigger the banner notification.
However, if the test is false and the pasteboard does not contain a URL, then the Apollo app can simply do nothing. This happens silently with no banner triggered. Essentially, the number of false positives will go down when apps are updated.
As the API was only added in iOS 14, developers will have to wait until the fall until they can actually implement this functionality.
The new API certainly doesn’t solve every use case, but it addresses the primary reasons why a legitimate app wants to access the clipboard without user action. If the constant banners still prove to be annoying, it is possible that Apple adds a setting to hide them on a per-app basis in a future OS release.
FTC: We use income earning auto affiliate links. More.