[trangon]

How, exactly, are they abusing it? Are you suggesting that they send the contents of the clipboard back to their servers? Do you have any proof that they are using the clipboard for nefarious purposes?

It’s disappointing to see the lack of skepticism applied on a site like Hacker News.

[pedrovhb]

What's a legitimate, non-nefarious reason for an app to do that?

[filleduchaos]

The contents of your clipboard _can_ be directly related to the functionality of an app.

For example, a link saving app like Pocket might check if your clipboard currently contains a URL when you open it. That allows the app turn a slightly tedious operation (tap/hold input field to bring up context menu, tap paste, tap button to save) into a single tap ("save copied URL?").

Whether or not the convenience is worth it might be debatable, but I fail to see how one would call that nefarious.

[jkaptur]

It's worth noting that Pocket does check if your clipboard currently contains a URL and does show such a banner. I think it's a handy feature.

[avianlyric]

There a APIs in iOS (which existed before iOS 14) that allow you ask the OS if the clipboard content matches a pattern (e.g. is it a URL) that doesn’t trigger the warning in iOS 14.

It does appear that lots of apps don’t use these APIs, the developers probably never knew the existed till now, but there is a privacy preserving method of the building the functionality you talk of.

[masklinn]

> There a APIs in iOS (which existed before iOS 14) that allow you ask the OS if the clipboard content matches a pattern (e.g. is it a URL)

I don’t think that’s the case. You can check if there’s a URL in the clipboard but that’s a UTI thing.

Most of the URLs would likely be in the “strings” section of the clipboard.

[jurip]

Aren't they just checking with an UTI? So for example a package tracking app can't ask if it contains strings matching patterns describing common package tracking code formats?

[filleduchaos]

True (and I'm aware of those APIs). Just pointing out that "I want to know what's on the system clipboard without the user explicitly pasting" does not automatically equal trying to hoover up your data and phone home with it.

[shalmanese]

The maker of the Apollo Reddit app chimed in on the reddit thread that his app would check to see if a reddit URL was in the clipboard and offer to take you to that page.

Chrome uses it so the URL appears when you select the address bar.

[lostmsu]

Sounds like Chrome doesn't do it in background.

[NamTaf]

Some apps detect if you have a 2FA auth code copied and auto-pastes it. I think Discord might be one? I can't remember which, but I've seen it on at least one app.

I can totally expect others to detect copied URLs that may belong to the app's domain and then offer to direct you to that particular URL (for example, I think the SomethingAwful app on iOS does that - if it detects a forums.somethingawful address it'll offer to load that particular thread for you).

That said, I definitely want to see more visibility about when and why this is done. Apple are absolutely in the right to show me a popup whenever it happens, so apps are forced to be clear and transparent about it.

[madeofpalk]

There was an example on Twitter of a coding app offering a custom "paste" button that’s only enabled if they have something on the clipboard.

[mrtksn]

Session restoration after install. Explained here: https://news.ycombinator.com/item?id=23635223

[layoutIfNeeded]

I can guarantee you that there are tons of apps that send your clipboard verbatim to their analytics services, because some product manager "wants to see the data".