
Something that confuses me:

Windows apps can do this. Heck, in the case of a Windows app, you need not even poll the clipboard; you can sign up for notifications when it changes. The API is ancient, well documented, and provides no feedback when it's being used. And some apps indeed use it; one obvious one is remote desktop apps, which use it to "sniff" what's in the clipboard to mirror it along.

Is there a reason whatever security trade offs are OK in Windows, but not on a phone?




These security trade-offs are not really OK on desktop either, but Windows (and macOS) have a long tail of backwards compatibility they are trying to maintain and slowly steer towards similar security levels (as in the case of the Mac App Store or the Windows Store platform). Both of those platforms are struggling to do that, although they have made some incremental progress, but nowhere near the degree that iOS has.

iOS was designed very early on with heavy sandboxing and as a new platform that was happy to break many of the norms of desktops. They have been very successful in having a usable platform that is heavily sandboxed and closes more of these snooping holes over time. Of course the trade-off has been flexibility and it has taken them a long time to get where they are now and have a usable OS and also have such sandboxing. (remember the first iPhone didn't even have an app store!)

To some extent most applications moving to being web-based has won a lot of this sandboxing on desktop that it wouldn't have otherwise had, and web apps cannot read from the clipboard in modern browsers.


The Windows 10X sandboxing for Win32 is yet another step in that direction: each application gets its own little world, thinking that it still owns the PC, when in fact it is part of a Windows container.


I think this is largely a business model thing - because your phone is virtually always on your person, it is a very rich source of information useful for advertising. Because of that, there are more apps that build their business model around harnessing that kind of data on your phone than on your PC. The ones on your PC that do this are mostly websites, not installed software - if your browser allowed that kind of access, you'd probably see a ton of websites abusing it in the same way as mobile apps.


I think it's partially because we're taught to treat "Apps" like candy, and "Applications" like something a bit... well... more?

At some level, I think this means that the expectation is that I should just, on a whim, download and play with an App. But when it comes to Applications, I should do my homework. Plus, Apple's already done my homework for me amiright /s.

This is of course completely backwards, since the App Store doesn't let me try before I buy, while Applications (as I'm trying to use the term) exist on platforms with less hostile restrictions.

---

It's also partially because we're becoming more sensitive to these issues as a society, and most people use their phones a lot more than their computers, honestly.


Windows itself can do this. Win+V will now pull up clipboard history.

I had no idea it existed initially, but until I disabled it there was a nice easy-access list of all of my recently used passwords. I assume other programs can't access that. But I don't want Microsoft syncing all my clipboard history to the cloud. No thanks.


Well, "Clipboard.GetHistoryItemsAsync" does in fact exist. No clue what the rules are for calling it.


Many of today's apps are user-hostile. Most of those apps, on desktop, end up taking the form of a website. Web browsers have much stricter policies than desktop OSes; much more akin to mobile OSes. The desktop app model was designed with the assumption that you 100% trust everything you install.


> Is there a reason whatever security trade offs are OK in Windows, but not on a phone?

Obviously the Windows APIs are far older and are from a time when there wasn't the same concept of untrusted code.

Also, people do tend to install more random software on their phones than their desktops and laptops in my experience. Someone will install a funny Chinese app in the pub based on a recommendation from a friend. They wouldn't do that to their desktop system.


Webpages have been able to read your clipboard for decades without prompting you, and this was only taken seriously recently.


They're not.

One of the ways Tor users are being identified is by snooping on their pasteboards from collaborating apps.


Not at all, hence the move into UWP, and for those that insist on staying with Win32, they get their sandbox as well since the introduction of MSIX.

On the upcoming Windows 10X, each Win32 gets their own little world, as the next step since Microsoft decided to merge UWP and Win32 sandboxing concepts.


This is one reason why KeePass (at least on Linux) can use xdotool for writing passwords. You can of course use the clipboard too, but the app warns that it is not safe.



