Back in February, security researchers Talal Haj Bakry and Tommy Mysk discovered a flaw within Apple devices that could allow hackers to view consumers’ copy/paste information on their smartphones. Now they say that many of the most popular apps already access this data without users’ consent.
In a blog entry last week, the two experts posted the results of an investigation into some of the top apps on Apple’s App Store. The findings show that many of them view users’ pasteboard information every single time they are opened.
“These apps range from popular games and social networking apps, to news apps of major news organizations. We found that many apps quietly read any text found in the pasteboard every time the app is opened,” the experts said. “Text left in the pasteboard could be as simple as a shopping list, or could be something more sensitive: passwords, account numbers, etc.”
Bakry and Mysk say they chose to focus on apps that accessed the pasteboard most often and were the most frequently used by consumers. Some of the top news apps included big names like the New York Times, Fox News, the Wall Street Journal, and CNBC.
Popular games accessing the pasteboard included Fruit Ninja, PUBG Mobile, and several variations of Bejeweled; social networking apps included on the list included TikTok, Viber, and Zoosk; and other miscellaneous apps included Hotels.com, Overstock, Bed Bath & Beyond, and The Weather Network.
What the apps do when they get this information isn’t yet known. The full list of apps can be viewed on the researchers’ post here.