When you copy and paste text and other items in Windows, MacOS, Android, iOS and most other operating systems, that data goes into a temporary holding area called the clipboard. Some apps can extend this area to hold multiple items, but the gist is that whatever is in the clipboard can be pasted wherever things can be pasted -- and in some cases, apps without clear authorization to use the clipboard can access its contents.
By default, any app on an Android device can view the contents of your clipboard. Since you may be using the clipboard for highly sensitive activities like connecting a password manager app to a mobile web browser to access your bank's website, carte blanche access probably isn't a good idea.
However, thanks to some recent discoveries by the reverse engineers at XDA Developers, it looks like the next version of Android (dubbed "Android Q" for now) may finally put some restrictions on this area of the operating system. In a test version of Android Q, they discovered a new clipboard permission that specifically targets apps operating in the background. This means that an app that wants that access must explicitly ask the user for it.
Of course, an Android app may ask for a whole slate of permissions when you install it, and you usually can't accept some while denying others. Apps like Bouncer can temporarily block specific requests, but this block can also cause unexpected behavior or stop an app from working altogether; most Android apps aren't designed to handle selective permissions.
Since clear explanations for Android app permission requests remain uncommon, Android Q's apparent ability to screen clipboard access may not benefit users as well as it could, but it's an important first step to prevent the unauthorized interception of personal data like passwords, street addresses and phone numbers.
FOLLOW Download.com on Twitter for all the latest app news.
It may also help protect users against blatantly malicious apps that sometimes sneak onto the Google Play Store, not to mention the legions of potentially sketchy apps that can be manually installed via a method known as sideloading. Google prohibits a wide variety of apps from appearing on its Play Store, but they can still be found elsewhere.
Google customarily waits until its annual I/O conference to unveil the next version of Android, and that event starts on May 7 this year. If this apparent clipboard screening feature makes the cut for Android Q, we'll probably get more info about it then, so we'll keep our eyes peeled.
- XDA Developers has reverse-engineered an early version of the next major release of Android due this fall, and it discovered a new app permission that could be used to restrict access to the system clipboard.
- The clipboard is where data goes when you copy something to paste somewhere else; since this can include private info like passwords, street addresses and phone numbers, it's important that apps without a legitimate need for the clipboard get prevented from accessing it freely.
- Gmail vs ProtonMail: Is it time for email with higher security and privacy?
- Android Messages is adding Google's new Spam Protection feature
- 85 more Google Play Store apps found to have Android malware
- Twitter admits bug exposed some Android users' protected tweets for years (CNET)
- These malicious Android apps will only strike when you move your smartphone (ZDNet)
- Major vulnerability found in Android ES File Explorer app (TechRepublic)