Zero Permission App - Clipboard data

Android Q Adds New Permissions for Clipboard Access and Blocks Background Clipboard Reads


One of the function that our app, Device Information (Zero Permission App), provides is to display the data or information in the Android clipboard. This demonstrates to the user that sensitive data such as document, passwords, SSNs if copied may be leaked to Android app that reads the clipboard without user knowledge.

Our app has no permission and thus it is safe to download and test. It displays information on Android device with zero permission required. The goal of the app is to spread the message of the danger of information leakage via Android app.

The good news is when Android Q arrives, the problem of malicious apps copying the clipboard data may finally be patched. Android Q is found to have new permissions, READ_CLIPBOARD_IN_BACKGROUND, for applications to request if they required clipboard access. This will definitely blocks some of the malicious apps that steal information or uses this as a covert channel to communicate with another app.

Android is definitely moving in the correct direction for closing this vulnerability. The problem of relying on users to keep abreast of the numerous permissions may not be a good security fallback.


No comments:

Post a Comment