
Facebook iOS App Scrapes Your Clipboard? - chillaxtian
https://un-excogitate.org/facebook-ios-clipboard/
======
conradev
Apple actually improved the security of this in iOS 9 by only allowing
foreground apps and extensions to read the contents of the clipboard.

Previously, Facebook could have scraped it from the background.

Now you implicitly grant permission to read your clipboard whenever you open
an app or extension.

My app Workflow[1] has a great workflow in its gallery that you can run from
your widget to clear your clipboard if you regularly copy sensitive
information.

[1] [https://workflow.is/](https://workflow.is/)

~~~
kfriede
> My app Workflow[1] has a great workflow in its gallery that you can run from
> your widget to clear your clipboard if you regularly copy sensitive
> information.

Shameless plug, but the app looks awesome. Would be cool (if not already done)
if you could plug into IFTTT to fill in features that you can't/don't want to.

~~~
conradev
Definitely! I made sure to prefix it with "my" so it was clear :)

IFTTT integration is on the roadmap!

------
EpaL
For those using iOS in the enterprise and worried about data leakage, this
sort of thing should give you pause.

This sort of thing is difficult to detect in the AppStore Review process so
apps that may appear benign could quite easily use this method to try to steal
sensitive information with little risk of detection.

We've been lobbying Apple for a while now to improve the controls around
clipboard data; specifically to allow us a policy that prevents prevents
personal / unmanaged apps from seeing data that was copied from enterprise /
managed apps. It might not solve the personal privacy issues but would
significantly reduce this as a risk for corporate data.

~~~
fuj
...and this is one of the many reasons that any organization that does care
about security "still" uses BlackBerry

------
userbinator
Is the disturbing part the fact that this is _Facebook_ doing it, or that apps
have access to the clipboard? Because the latter has been the norm for all
apps on desktop OSs AFAIK, and enables extremely useful sharing of information
between them (I have a download manager that automatically catches URLs, for
example.)

~~~
geofft
All desktop apps have access to everything. Your download manager can also
unlock your browser's saved passwords, read your emails, copy your SSH private
key, intercept your IMs, spoof your bank's website, etc. Some of these attacks
are more difficult and leave more of a chance of detection than others, but
they're all possible.

This is widely considered a mistake, but it's also an implication of steady
backwards-compatibility in app design -- and in many cases, code -- since the
late 1980s. No one expected Lotus 1-2-3 to steal your WordStar documents,
partially because neither of these were networked. So the OSes told Lotus
1-2-3, WordStar, and anyone else who came along that they had access to the
entire drive and they could be designed as if they had that access, even
though they didn't need it. Apps could ship their own Open dialogs; the OS
trusted that they would only open files they were told to. A quarter-century
later, the Windows and Mac App Stores are trying to reverse this, but the app
developers are understandably grumpy because they have a quarter-century of
code that never had to deal with such a design principle.

And the Windows and Mac App Stores are attempting to reverse this by reference
to mobile app stores. Mobile platforms, being an entirely new mental model for
both developers and users, could abandon lots of the design principles that
make sandboxing hard. There is absolutely a reason why no mobile app has a
desktop-style Open dialog: the OS doesn't trust it with that power. There is
also a reason that the mobile AV industry is a tiny fraction of the desktop AV
industry, despite mobile use having outpaced desktop use.

~~~
TeMPOraL
> _This is widely considered a mistake_

Is it? I've heard voices, but I didn't realize it's a very popular opinion.
Personally, I think it's a feature and what makes desktop useful as a tool, as
opposed to mobile devices being mostly toys.

~~~
danielheath
I tend to think of systems which don't sandbox each process effectively as
'toys' since I can't meaningfully trust them to run code I haven't audited.

~~~
TeMPOraL
You can't trust sandboxed systems either, and honestly, who ever audits the
code they run? "Auditing code" is a smart-sounding phrase that is meaningless
to 99% of users. Also, have you audited your sandbox's code yet?

I consider mobile apps toys because they're designed to contain and own your
data, and that impares both the ergonomy of work and limits your capability
for doing things to whatever is available in the MVP some startup released.
Most apps don't evolve past the point of MVP.

------
spicyj
The app doesn't send anything to the server:

[https://twitter.com/alexstamos/status/655459585642225664](https://twitter.com/alexstamos/status/655459585642225664)

~~~
i_have_to_speak
So says a random tweet.

According to Facebook's Privacy Policy [1], "We collect information from or
about the computers, phones, or other devices where you install or access our
Services, depending on the permissions you’ve granted." Since obviously you've
granted it permission to access the clipboard of your device and you've agreed
to this Privacy Policy while installing the app, Facebook can legally collect,
store and sell the contents of your clipboard.

[1]
[https://m.facebook.com/about/privacy](https://m.facebook.com/about/privacy)

~~~
mbesto
> random tweet

From the Chief Security Officer of Facebook....

~~~
i_have_to_speak
And the CEO of a car company recently said "This was a couple of software
engineers who put this in for whatever reasons."

------
vbezhenar
I think it's weakness in iOS security architecture. App shouldn't be able to
access clipboard by default. iOS should provide API to call context menu with
Paste menu item and that menu should be protected from app intervention, so
user can paste clipboard anywhere but app can't force him to do that.

And if App provides some extended functionality for which it need to
constantly monitor clipboard (I never used such app), it needs special request
from user and special flag in plist file, so moderator can review it.

------
jakejake
UPS does the same thing, scanning for tracking numbers. I don't find it
particularly creepy, but it probably should be a privacy setting just like
location, camera, etc.

~~~
walterbell
Yes on a new privacy setting. Bonus points for having policy settings that
depend on both source and destination, e.g. a custom policy for a string that
originates in a password manager.

~~~
TeMPOraL
And then let's default it to deny access, and suddenly we've just destroyed
the clipboard.

I don't like the direction where this is going. We've created an adversarial
situation, where software developers go _against users_ and against each other
and then instead of fixing that, we keep destroying features of cooperation
and interoperability in the name of "security" and "privacy".

~~~
cm2187
The clipboard is not for apps to help themselves in what the user does, it is
for the user to use directly. If apps do want to programmatically access the
clipboard I don't see why not forcing them to ask first.

------
vowelless
People who use password managers tend to use the clipboard to copy the
passwords around. I assume those passwords are also available in these apps?

~~~
gelatocar
That is kinda worrying, though I don't use that functionality myself. Is there
another way that passwords could be passed between apps without using the
clipboard?

~~~
toomuchtodo
Have the password management app emulate a custom keyboard?

~~~
sratner
Keepass2Android does exactly that, and additionally auto-fills password and
confirmation fields when you focus them with the custom keyboard active. Very
handy.

([https://play.google.com/store/apps/details?id=keepass2androi...](https://play.google.com/store/apps/details?id=keepass2android.keepass2android&hl=en))

------
adam101
With Protect My Privacy
([http://apt.thebigboss.org/onepackage.php?bundleid=org.protec...](http://apt.thebigboss.org/onepackage.php?bundleid=org.protectmyprivacy.pmp))
you can control which application can access your clipboard (and many other
things) on jailbroken ios.

------
rollback
Pretty common to do this for apps where people might want to copy/paste into
the app.

~~~
monochromatic
Why? If I want to paste, I tap and say paste.

~~~
xuki
It's a better experience to show a pop up asking to save a clipboard URL to
Pocket rather the user has to tap on a few buttons to do it. The key is to let
them switch the feature off.

~~~
monochromatic
The ideal user experience would be for the app to forward all my emails,
texts, and other personal data to an employee so that the employee could read
them and make relevant suggestions.

But I don't want that either.

~~~
TeMPOraL
Some do. It's usually called having a secretary.

We must be careful to pick up sane defaults; just shutting down everything
because "privacy" is not a way to build useful technology.

~~~
monochromatic
Nobody expects or wants the Facebook to act like a secretary.

------
irtefa
Google Chrome does the same when you are trying to enter a URL.

~~~
danso
As does the Pinner app (for Pinboard) to make it convenient to add bookmarks
via copying the current URL.

~~~
squiggy22
As does Pinterest.

------
suprjami
> what can we do? How about stop using this fucking terrible app?

------
PSeitz
Same on android, my japanese dictionary checks the clipboard for automatic
searches. I was surprised that it didn't require any authorizations.

[https://play.google.com/store/apps/details?id=com.cal.pas.ul...](https://play.google.com/store/apps/details?id=com.cal.pas.ultimatejapanese)

------
kercker
Pocket on Android can also do this, I never thought it as a problem, but a
functionality that facilitated share of urls from apps that can not share urls
to other apps on my phone, but can copy the url.

~~~
rythie
Pocket for iOS does this too.

------
wahsd
Facebook is simply an evil company that you should loathe just like any other
malicious operator on the internet. What the heck is wrong with people that
everyone would be so smitten with the psychopaths at Facebook. How would you
feel if any number of malicious actors did any number of the horrible things
Facebook does on a regular basis?

I can tell you, you would be pissed off. But instead, you simply feed ever
more information into the Facebook global surveillance system. Good job.

------
wodenokoto
My Japanese dictionary has auto look up, so if I copy a word from a website
and open the dictionary app, it will look it up automatically.

Or as the website claims: it scrapes my clipboard.

------
pazimzadeh
Instapaper has been doing this for a while.

------
heyitskevin
The Plex app accesses your clipboard every time you open the app to check if
what's in there is a link. If it finds a link it asks you if you want to add
that link to your Plex Queue.

This functionality is used to add videos from the web to your Queue for later
viewing.

------
cm2187
Does that happen even when the facebook app is not active? Does the content
gets uploaded?

------
danielrhodes
I like this feature and don't think it is creepy. All they are probably doing
is regex'ing a URL and if one matches showing it there. Sure they could see
some other random thing I have copied, but there is no incentive for them to
do anything with that information.

------
legohead
And Gmail scans your emails in a functional way as well...

------
rokhayakebe
Every third week there is a problem about privacy and security.

How do we solve these issues once and for all? Is it on the OS level, or
consumer education, or must the government intervene?

------
leed25d
I removed the facebook app from my phone a long time ago. I do not intend to
put it back.

~~~
danielrhodes
Thanks for telling us! We all wanted to know.

------
ForFreedom
Flipboard used to scrape it before Facebook. So this is not new

