iOS 14 includes a new privacy notification, which alerts users whenever apps access the system clipboard — the invisible place where anything you cut or copy is stored.
Jeremy Burge discovered that TikTok snooped his clipboard every few keystrokes, without him invoking any relevant actions. LinkedIn and others were soon found to be doing the same, and the wrath of commentators duly followed. A balanced censure of the behaviour came from John Gruber:
If you use TikTok you should assume they’ve stored a copy of anything and everything you’ve had on your clipboard while using the app.
(Worth noting that in March TikTok pledged to stop doing this within “weeks”, but failed to do so.)
For many users, this breach will mean that the contents of their Mac and iPad have also been shared with nefarious iOS apps, since a terrific feature of iCloud is ‘Universal Clipboard’, which automatically shares a common clipboard amongst all devices (albeit sluggishly, and with occasional inexplicable failures).* And worst of all, we must take the app developers’ word for it that they have not been transmitting this private information off our devices.
This is breathtaking negligence from Apple, and undermines the very arguments Tim Cook will find himself offering to propitiate anti-trust regulators in Congress this month. The App Store hegemony cannot stand if Apple is not using its lucrative monopoly to prevent privacy violations such as these.
Moreover, consider the striking probability that this privacy feature began with the insight that apps were abusing the clipboard long before masochists like Jeremy installed the iOS 14 beta, and remember that Apple has had automated testing for behaviours like this since the App Store launched.
Here are three simple questions for Apple:
1. For how long has Apple been aware that clipboard snooping is commonplace enough to merit alerting users with the new system-wide alert?
2. Have app updates which snoop user clipboards been approved since the date Apple began working on the system-wide alert?
3. Can you confirm that no app could have invisibly transmitted a user’s clipboard to its servers? (That is to say: is there actual spyware on the app store?)
Epicurus used the existence of evil to describe the logical impossibility of an all-powerful, all-knowing God. Apple finds itself in a similar bind: if they knowingly allow apps on the app store to snoop and transmit clipboards, then they are powerless to protect consumers in the manner they claim to. If Apple does not know of such apps, then the app store monopoly does not protect users, it merely serves Apple’s commercial interests, and the glossy marketing spin is exactly that — spin.
*By the way, is it of precisely no comfort to anyone else that many of the people who are now revealed to have been systematically browsing the contents of our clipboards are citing bugs as their defence? “We were illicitly copying information from your clipboard any time you used our app, but don’t worry! We were only doing it because our engineers are careless!”