by opayen 2654 days ago
They finally restricted access to clipboard (see https://developer.android.com/preview/privacy/data-identifie...).

I always thought it was insane that any app could just listen to everything that went to the clipboard, even while in the background and without any permission. I'm sure many people copy passwords, credit card numbers, bitcoin private keys, etc.

1 comments

I'm still of the opinion that apps with focus should not be able to read the clipboard by default. iOS allows this too, but this means that apps can (and do!) read stuff like passwords, links, and other stuff you've been interacting with passively.
I have been highly concerned about this after I opened a certain iOS app, and was immediately greeted with a system alert saying "Pasting from Mac..." even though there was NO reason whatsoever for it to access the clipboard (it was basically the first-run splash screen.)

Thanks to Apple's Continuity feature [0], you can seamlessly copy/paste across iPhones, iPads and Macs, and indeed it can be handy.

But if my network (or something else) hadn't been laggy at that time, I would have never caught that app trying to obviously snoop my clipboard's contents. I'm sure many more apps do this and they must be exfiltrating it.

And yes, I often copy/paste sensitive data to avoid retyping it, so this is practically CROSS-PROCESS, CROSS-DEVICE SPYWARE in an innocuous way that very few people would even think of, or should ever have to worry about.

The solution is simple: Don't let any process read the clipboard unless the user explicitly chooses to paste.

Apps that need automatic clipboard access to offer added convenience (like autofilling certain forms) should require explicit permission, just like we have for camera/microphone/etc., and preferably only while the app is in focus.

After all, such "intent-based security" is the reasoning behind the existing macOS "PowerBox" [1] which lets apps access only the files that the user manually chooses in an open/save dialog. Extend it to the clipboard too.

[0] https://support.apple.com/kb/ph25168

[1] https://developer.apple.com/library/archive/documentation/Se...

> The solution is simple: Don't let any process read the clipboard unless the user explicitly pastes.

But how does an OS know that a particular key combination is meant to mean "paste"?

Couldn't the app just pretend that the user wanted to paste because their cursor is in the password field?

Or, you end up with the OS owning all of an app's interaction, leaving very little room for app innovation or improvement. It's a bit of a rock and a hard place.

> how does an OS know that a particular key combination is meant to mean "paste"?

macOS and iOS can do that easily; every app has a standard menu provided by the system, as well as a mechanism for modifying default shortcuts.

The clipboard should be treated like a potentially sensitive file. There's no excuse not to include it in the explicit permissions we already require for other files, photos, camera, microphone, contacts, location, and so on.