
If Apple cares so much about privacy, why does it approve clipboard snoopers? - georgespencer
https://medium.com/@probablygeorge/if-apple-cares-so-much-about-privacy-why-does-it-approve-clipboard-snooping-apps-75552bb9ccca
======
kevsim
I've said this before on similar posts, but I think most clipboard "snooping"
is not nefarious, it's boneheaded. Developers get a requirement like "if the
user has a URL in their clip board, give them an option to share it with a
single click". Then they do a poor job actually implementing this code by
sticking it in some delegate the fires way more often than they think and all
of a sudden they're "snooping". Not saying there aren't bad actors, just
saying we're maybe blowing it out of proportion.

And kudos to Apple for making this stuff more obvious in iOS 14.

~~~
georgespencer
OP here! I believe Apple is badly letting its users down.

The interaction and security paradigms on iOS being better and different to
macOS is something Apple invests heavily in marketing. I'm a technically
proficient user, but I didn't know that my iOS clipboard was an open book for
each app. Basically: I believe that the average user has an increased
expectation of privacy on iOS, and Apple does a lot to cultivate that
expectation.

My intuitive belief in how it worked (which turned out to be wrong) is
probably close to the system I now advocate for Apple to reform to:

0\. Apps cannot access clipboard contents by default,

1\. UIPasteboard should be pollable for whether the clipboard has contents on
it or not,

2\. UIPasteboard should be able to return the type of object on the clipboard
so that apps don't incorrectly show e.g. an active "Paste" button when the
user has a text input field selected and an image is stored on the clipboard,

3\. Apps should only be allowed to access the contents of the clipboard when a
user invokes a specific action to paste.

4\. Apps which wish to prefetch URLs or other predictable strings (e.g. feed-
readers and podcast apps) should present a regex-type pattern for the type of
string they expect to be on the clipboard, and then Apple should display the
URL in the system keyboard (where the predictive text field / SMS code fetch
goes atm).

It's crazy to me that Apple is being applauded for sending privacy alerts for
a behaviour they have the power to stop.

~~~
jshier
1\. It does. numberOfItems will tell you how many items are on the pasteboard.

2\. It does. contains(pasteboardTypes: [String]) will tell you whether the
pasteboard contains items of particular types.

3\. Okay, but that's a huge shift from the status quo and breaks quite a few
app workflows, especially conveniences the user expects.

4\. Yes, this would be the biggest improvement to fix the disruption caused by
3.

Edit: But even with 4, automatic access would still trigger the new iOS 14
warning, unless Apple turns that off if you've queried for a particular
pattern. I don't see that happening. I'm guessing devs will just provide their
own approval for this feature so the users aren't surprised when they see the
pasteboard access warning.

~~~
georgespencer
Sorry if I wasn't clear: this should be the ONLY way clipboard contents can be
accessed. Saying "it does" work like this tells half the story: developers can
do these sensible things to check out the clipboard in a privacy-conscious
way, but if apps can choose to access it without doing those things, it's not
working as a user might expect it to.

Can you think of any conveniences which are broken by step 3? It's probably
just my basic workflows, but I _never_ see any prefetching of clipboard
contents with the exception of URLs.

------
vr46
There’s sometimes a trade-off between privacy and utility and Apple are very
good at making tough decisions on users’ behalf. Not perfect, but very good.
Clipboard “snooping” could be anywhere between enthusiastic developers
providing utility to ZOMG THE DEEP STATE IS SPYING ON ME, and the original
article is a bit breathless and eager to stick it to Apple. There are a
limited number of Access All Areas passes doled out by iOS and that number is
shrinking.

------
ssivark
My biggest complaint is how apps have permissions to “pull” stuff from the
device rather than the user getting to “push” only what they deem necessary.
Simple example: why does an app need access to all my photos? When I want to
share a photo, clicking the share button inside the app should open up a
system dialog for me to pick which photos I want to share — and the app should
only ever have access to those!

~~~
millerm
Then you have to deal with the fact that you get a bunch of developers not
liking the default implementation that was given to them and complain that
they can’t write their own. Everyone starts screaming “walled garden!” and
that they’re held back from making ad revenue in someway shape or form.

~~~
zimpenfish
I think it was a mistake of Apple to allow non-os photo pickers. I've got a
big photo library (~100k photos) and custom photo pickers a) take forever to
start up, and more importantly, b) mess up the ordering of albums and/or
photos which makes it a nightmare to find anything.

