Apps caught reading clipboards
- In March 2020, security researchers Talal Haj Bakry and Tommy Mysk reported that dozens of popular iPhone and iPad apps, including TikTok, were quietly reading the pasteboard every time they opened. Source (2020)
- When Apple shipped the iOS 14 paste notification in mid-2020, it flagged TikTok plus 53 other apps reading the clipboard on launch, turning previously invisible behavior into a visible banner. Source (2020)
- TikTok was reading the clipboard repeatedly, not just once on open, and stopped the behavior in an app update after iOS 14 exposed it. Source (2020)
- In March 2023, Microsoft’s security team reported that an older version of the SHEIN Android app, which has over 100 million downloads, periodically read the device clipboard and, when it matched a pattern, sent the contents to a remote server. SHEIN removed the behavior after it was reported. Source (2023)
Clipboard-hijacking (clipper) malware
Clipper malware watches your clipboard for something valuable, most often a cryptocurrency wallet address, and silently replaces it with the attacker’s address so a payment you paste goes to the wrong place.
- In September 2024, Binance issued a public advisory warning of an ongoing clipper malware threat, noting a spike in activity around August 27, 2024, and that the majority of attacks target mobile users because typing a wallet address by hand is so awkward there. Source (2024)
- The technique is not new. In 2022, researchers documented a clipboard hijacker (Laplas Clipper) that swaps a copied wallet address for a lookalike, with observed samples growing from under 20 a day to 55 in the space of a month. Source (2022)
We have not found a credible, specific dollar figure for total losses to clipboard-swapping malware, so we do not quote one. The verifiable takeaway is that this is an active, tracked threat, and that copy-paste is the exact moment it exploits.
What each operating system does about it
- iOS. Since iOS 14 (2020), the system shows a banner when an app reads text from the clipboard, which is what exposed the 2020 wave of snooping apps in the first place. Source (2020)
- Android background block. Since Android 10 (API 29), an app cannot read the clipboard unless it currently has focus or is the default keyboard, so background apps are blocked from reading it at all. Source (2019)
- Android toast.Since Android 12 (API 31), when an app reads clipboard data that came from a different app, the system shows a toast reading “[App] pasted from your clipboard.” Source (2021)
- Web browsers. Reading the clipboard with the Async Clipboard API is gated behind a clipboard-read permission and must originate from a user gesture such as a click or keypress, so a page cannot silently read what you copied. Source (2020)
- Windows and macOS. Neither desktop OS notifies you when a local app reads the clipboard. Any program you run can read it silently, which is precisely the gap the mobile notifications were built to close. You can confirm this from the platform clipboard APIs, which any process can call without a prompt (Windows GetClipboardData (docs) and macOS NSPasteboard (docs)).
Workplace and healthcare copy-paste
The clipboard is not just a security surface, it is a heavily used tool in serious work, which is part of why its contents can be so sensitive.
- A 2017 JAMA Internal Medicine study of 23,630 inpatient progress notes from 460 clinicians found that in a typical note only 18% of the text was typed fresh, while 46% was copied and 36% was imported from elsewhere in the record. Source (2017)
- The ECRI Institute and its Partnership for Health IT Patient Safety have described copy-and-paste in electronic health records as widespread and often underreported, and published safe-practice recommendations to reduce the patient-safety errors it can cause. Source (2017)
What this means for you
Put the pieces together and the picture is simple. On a desktop, any app you run can read your clipboard without telling you. That is not a bug in one program, it is how Windows and macOS work. Your clipboard passes through passwords, one-time codes, private messages, wallet addresses, and whatever you happened to copy last.
A clipboard manager sits right in the middle of this, because it is itself an app that reads everything you copy. That is the whole point of it, and it is also exactly why the design matters. A manager that keeps your history in plain text on disk, or syncs it through a server that can read it, widens the surface. Local-first storage and end-to-end encryption are what keep the convenience without handing your history to anyone else.
That is the line Relic tries to hold. Every item is encrypted on your device with XChaCha20-Poly1305 and Argon2id before it is saved or synced, so the stored history and the sync server only ever hold ciphertext that we cannot read. To be honest about scope: the desktop client is live on Windows today, other desktop platforms are in beta, and on phones Relic is a browse-and-search companion rather than a background recorder, because mobile operating systems (the same ones adding the protections above) do not let apps capture the clipboard in the background.
Frequently asked questions
Can any app read my clipboard?
On desktop, yes. Windows and macOS let any running program read the system clipboard silently, with no permission prompt and no notification. That is why researchers keep catching apps reading the clipboard the moment they open. Mobile is stricter: iOS shows a paste banner and Android 12 shows a toast when an app reads clipboard data that came from another app, and Android blocks background apps from reading it at all.
How many apps were caught reading the iPhone clipboard?
In June 2020 the paste notification added in iOS 14 flagged TikTok plus 53 other apps reading the clipboard on open, based on earlier research by Talal Haj Bakry and Tommy Mysk. TikTok was reading it repeatedly and stopped after being caught. In 2023 Microsoft reported that an older version of the SHEIN Android app, which has over 100 million downloads, periodically read the clipboard and sent matching content to a remote server.
What is clipboard hijacking or clipper malware?
Clipper malware watches your clipboard for a cryptocurrency wallet address and silently swaps it for the attacker's address, so a copied payment goes to the thief instead of the intended recipient. Security vendors have tracked it for years, and in September 2024 Binance issued a public advisory about a spike in these attacks, which mostly target mobile users because typing a wallet address by hand is so awkward.
Does a clipboard manager make this worse?
A clipboard manager is itself an app that reads everything you copy, so on desktop it can see the same sensitive data any other app could. What matters is what happens next. If a manager stores your history in plain text on disk or syncs it through a server that can read it, that is a bigger surface. Relic encrypts every item on your device with XChaCha20-Poly1305 and Argon2id before anything is saved or synced, so the stored history and the server only ever hold ciphertext.
Which operating systems notify you when an app reads the clipboard?
iOS has shown a paste banner since iOS 14 (2020), and Android has shown a clipboard-access toast since Android 12 (2021), on top of the Android 10 rule that background apps cannot read the clipboard at all. Web browsers gate clipboard reads behind a permission and a user gesture. Windows and macOS have no such notification for local desktop apps: any program you run can read the clipboard without telling you.