Hacker News: opayen's comments

It's also worth noting that BankID requires location permission access (at least on Android).


Wait - BankID requires an Android or iOS app in Sweden? Sounds cumbersome. Here in Norway BankID is a SIM application that follows your SIM card regardless of OS or if you swap your phone. So you could basically stick your SIM in a stone age cell phone and still use your BankID.


> Wait - BankID requires an Android or iOS app

No you can use it on a PC too.


On iOS it's optional with the explanation, "Increase your BankID security by allowing location." Yeah, nah.

I've always had it turned off, never had an issue.


I never have location services turned on and use BankID all the time.

On Android.


That won't happen because 3rd party apps cannot have the READ_PRIVILEGED_PHONE_STATE permission.


Correct: https://android.googlesource.com/platform/frameworks/base/+/...

The permission is signature|privileged. Only apps signed with the same keys as the OS itself or pre-installed in /system/priv-app can get the permission at all.


They finally restricted access to clipboard (see https://developer.android.com/preview/privacy/data-identifie...).

I always thought it was insane that any app could just listen to everything that went to the clipboard, even while in the background and without any permission. I'm sure many people copy passwords, credit card numbers, bitcoin private keys, etc.


I'm still of the opinion that apps with focus should not be able to read the clipboard by default. iOS allows this too, but this means that apps can (and do!) read stuff like passwords, links, and other stuff you've been interacting with passively.


I have been highly concerned about this after I opened a certain iOS app, and was immediately greeted with a system alert saying "Pasting from Mac..." even though there was NO reason whatsoever for it to access the clipboard (it was basically the first-run splash screen.)

Thanks to Apple's Continuity feature [0], you can seamlessly copy/paste across iPhones, iPads and Macs, and indeed it can be handy.

But if my network (or something else) hadn't been laggy at that time, I would have never caught that app trying to obviously snoop my clipboard's contents. I'm sure many more apps do this and they must be exfiltrating it.

And yes, I often copy/paste sensitive data to avoid retyping it, so this is practically CROSS-PROCESS, CROSS-DEVICE SPYWARE in an innocuous way that very few people would even think of, or should ever have to worry about.

The solution is simple: Don't let any process read the clipboard unless the user explicitly chooses to paste.

Apps that need automatic clipboard access to offer added convenience (like autofilling certain forms) should require explicit permission, just like we have for camera/microphone/etc., and preferably only while the app is in focus.

After all, such "intent-based security" is the reasoning behind the existing macOS "PowerBox" [1] which lets apps access only the files that the user manually chooses in an open/save dialog. Extend it to the clipboard too.

[0] https://support.apple.com/kb/ph25168

[1] https://developer.apple.com/library/archive/documentation/Se...


> The solution is simple: Don't let any process read the clipboard unless the user explicitly pastes.

But how does an OS know that a particular key combination is meant to mean "paste"?

Couldn't the app just pretend that the user wanted to paste because their cursor is in the password field?

Or, you end up with the OS owning all of an app's interaction. Leaving very little room for app innovation or improvement. It's a bit of a rock and a hard place.


> how does an OS know that a particular key combination is meant to mean "paste"?

macOS and iOS can do that easily; every app has a standard menu provided by the system, as well as a mechanism for modifying default shortcuts.

The clipboard should be treated like a potentially sensitive file. There's no excuse not to include it in the explicit permissions we already require for other files, photos, camera, microphone, contacts, location, and so on.



I wish they would use all of these new AI capabilities to fix the share UI (https://www.androidpolice.com/2018/05/05/google-please-fix-a...)

Personally, I always use the same app when sharing URLs (Send to Instapaper). Yet, it always shows me default actions I never used (send via Twitter DM, Print, etc.) and takes like 5 seconds to have the UI usable.


The user can always refuse access to SMS, contacts and other sensitive features on Android. I have Messenger on my Pixel, it's working fine without having access to all of that.


This is actually untrue for about half of all Android users. Being able to granularly adjust permissions is fairly new, and of course, if you aren't buying the latest phone every year, it'll be a long time until you get this.


Shameless plug: I started creating an alternative client for Android, you can download it here: https://play.google.com/store/apps/details?id=com.olivierpay...

I'm a heavy Instapaper user myself and was always disappointed with the quality of the official Android app: it runs terribly slow, some articles don't even show up, no image thumbnail, etc.

My app doesn't have all the features from the official app yet (I'm starting simple), but I'm very open to feedback.


Could you give more details about it? What device is it? How does it work?


I remember posting about it here in the past, because I was so in love with the service that allowed me - a complete beginner - to get a case 3d-printed cheaply and easily.

The project itself is documented here:

https://steve.fi/Hardware/helsinki-tram-times/

It consists of an LCD screen and an ESP8266 device. (Think "like an Arduino, but with on-board wifi".) Programmed in C++, it basically polls an online URL to decide what to display, with a simple web interface you can point your browser at to change the timezone, the stop-id being monitored, etc.


Access to all Android apps maybe?


So it's a Linux distro that offers native Android app support, sans-emulator? Was that the whole thing?

Considering how... entrenched the OS market is, it's not easy to have a solid value proposition for creating a _new_ OS.


I mean, ChromeOS is a thing, right? They wanted to beat Google to the Apps on Desktop game.


As I understood, this part with printing emoji was just a joke :)

What they are saying is that you can use regular emoji reactions during a video call.

