Microsoft recently discovered (opens in new tab) that a passé version of the Shein Android mobile app accessed users' clipboard activity. In other words, whenever a user would copy content before pasting it, the Shein app periodically read it.
Shein's Android app in the Google Play Store has attracted more than 100 million downloads. Even if the shopping platform had no ill intent behind its espionage, this behavior is alarming enough to make us wonder which other apps are surreptitiously spying on us.
Shein app caught spying on users' copy-and-paste activity
As mentioned, the Shein app was caught red handed spying on users' copy-and-paste activity, but to make matters worse, if the contents met a specific criterion, they would be sent to a remote server.
"While we are not specifically aware of any malicious intent behind the behavior, we assessed that this behavior was not necessary for users to perform tasks on the app," Microsoft said.
Spying on clipboard content is a popular cybercriminal tactic, allowing hackers to exfiltrate sensitive data, collect private information, modify copied cryptocurrency wallet addresses (so that victims unwittingly send digital assets to an attacker's wallet), and more. Microsoft warns that this mode of attack uses a legitimate system (instead of exploiting a security flaw), so tackling this issue is challenging.
The Shein app version in question is version 7.9.2, which was released on Dec. 16, 2021. Fortunately, in May 2022, Shein removed the clipboard-spying behavior from its app.
In response to Microsoft's research findings, Google made the following improvements to the Android platform:
- On Android 10 and newer: No application can access clipboard unless it currently has focus (is actively running on the device's display) or is set as the default input method editor.
- On Android 12 and newer: A message will appear notifying the user when an application calls Clipboard Manager to access clipboard data from another application for the first time.
- Android 13: Clipboard contents are cleared after a period of time for an additional layer of protection.
You may be wondering, "What can I do to protect myself from nosey applications?" As mentioned, Android 12 and newer will tell you when an app is attempting to access clipboard. In this case, consider removing all suspicious applications.
Lastly, Microsoft recommends keeping your device and installed applications updated. And of course, never install apps from untrusted, illegitimate sources.