| I have been highly concerned about this after I opened a certain iOS app, and was immediately greeted with a system alert saying "Pasting from Mac..." even though there was NO reason whatsoever for it to access the clipboard (it was basically the first-run splash screen.) Thanks to Apple's Continuity feature [0], you can seamlessly copy/paste across iPhones, iPads and Macs, and indeed it can be handy. But if my network (or something else) hadn't been laggy at that time, I would have never caught that app trying to obviously snoop my clipboard's contents. I'm sure many more apps do this and they must be exfiltrating it. And yes, I often copy/paste sensitive data to avoid retyping it, so this is practically CROSS-PROCESS, CROSS-DEVICE SPYWARE in an innocuous way that very few people would even think of, or should ever have to worry about. The solution is simple: Don't let any process read the clipboard unless the user explicitly chooses to paste. Apps that need automatic clipboard access to offer added convenience (like autofilling certain forms) should require explicit permission, just like we have for camera/microphone/etc., and preferably only while the app is in focus. After all, such "intent-based security" is the reasoning behind the existing macOS "PowerBox" [1] which lets apps access only the files that the user manually chooses in an open/save dialog. Extend it to the clipboard too. [0] https://support.apple.com/kb/ph25168 [1] https://developer.apple.com/library/archive/documentation/Se... |
but how does an OS know that a particular key combination is meant to mean "paste"?
Couldn't the app just pretend that the user wanted to paste because their cursor is in the password field?
Or, you end up with the OS owning all of an app's interaction. Leaving very little room for app innovation or improvement. It's a bit of a rock and a hard place.