Popular shopping app caught spying on users' copy-and-paste activity — do you have it on your phone?

Shein app (Image credit: Getty Images/NurPhoto)

Microsoft recently discovered that an older version of the Shein Android mobile app accessed users' clipboard activity. In other words, the app periodically read whatever a user had copied to the clipboard.

Shein's Android app in the Google Play Store has attracted more than 100 million downloads. Even if the shopping platform had no ill intent behind its espionage, this behavior is alarming enough to make us wonder which other apps are surreptitiously spying on us.

Shein app caught spying on users' copy-and-paste activity

As mentioned, the Shein app was caught red-handed spying on users' copy-and-paste activity. To make matters worse, if the clipboard contents met a specific criterion, they were sent to a remote server.


Microsoft's visual of the Shein app call chain (Image credit: Microsoft)

"While we are not specifically aware of any malicious intent behind the behavior, we assessed that this behavior was not necessary for users to perform tasks on the app," Microsoft said.

Spying on clipboard content is a popular cybercriminal tactic, allowing hackers to exfiltrate sensitive data, collect private information, modify copied cryptocurrency wallet addresses (so that victims unwittingly send digital assets to an attacker's wallet), and more. Microsoft warns that this mode of attack uses a legitimate system (instead of exploiting a security flaw), so tackling this issue is challenging.

The Shein app version in question is version 7.9.2, which was released on Dec. 16, 2021. Fortunately, in May 2022, Shein removed the clipboard-spying behavior from its app.

In response to Microsoft's research findings, Google made the following improvements to the Android platform:

  • On Android 10 and newer: No application can access the clipboard unless it currently has focus (is actively running on the device's display) or is set as the default input method editor.
  • On Android 12 and newer: A message will appear notifying the user when an application calls Clipboard Manager to access clipboard data from another application for the first time.
  • Android 13: Clipboard contents are cleared after a period of time for an additional layer of protection.

You may be wondering, "What can I do to protect myself from nosey applications?" As mentioned, Android 12 and newer will tell you when an app is attempting to access the clipboard. In this case, consider removing all suspicious applications.

Lastly, Microsoft recommends keeping your device and installed applications updated. And of course, never install apps from untrusted, illegitimate sources.
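For readers who review apps rather than just use them: clipboard reads like the ones described above go through Android's ClipboardManager API, so they can be located in an app's disassembled (smali) code. The Python scanner below is an added example, not Microsoft's tooling or part of the original article. It reports call chains that lead from an Activity lifecycle callback to a clipboard read, that is, reads that happen without the user pasting anything. The sample smali, its class names, and the choice of lifecycle callbacks as the heuristic are assumptions of this example.

```python
import re

CLIPBOARD = "Landroid/content/ClipboardManager;"
READS = {"getPrimaryClip", "getText", "addPrimaryClipChangedListener"}  # real API methods
# Assumption of this example: a read reachable from these callbacks needs no paste action.
LIFECYCLE = {"onCreate", "onStart", "onResume", "onWindowFocusChanged"}
CLASS_RE = re.compile(r"^\.class\s+(?:\S+\s+)*(L[^;\s]+;)$")
METHOD_RE = re.compile(r"^\.method\s+(?:\S+\s+)*([^\s(]+)\(")
INVOKE_RE = re.compile(r"^invoke-\S+\s+\{[^}]*\},\s*(L[^;]+;)->([^\s(]+)\(")

def build_call_graph(smali):
    """Map 'Lcls;->method' to the set of targets it invokes (overloads are merged)."""
    graph, cls, cur = {}, None, None
    for line in map(str.strip, smali.splitlines()):
        if m := CLASS_RE.match(line):
            cls = m.group(1)
        elif m := METHOD_RE.match(line):
            cur = f"{cls}->{m.group(1)}"
        elif cur and (m := INVOKE_RE.match(line)):
            graph.setdefault(cur, set()).add(f"{m.group(1)}->{m.group(2)}")
    return graph

def clipboard_call_chains(smali):
    """Return every call chain from a lifecycle callback down to a clipboard read."""
    graph, chains = build_call_graph(smali), []
    def walk(path):
        cls, _, name = path[-1].partition("->")
        if cls == CLIPBOARD and name in READS:
            chains.append(path)
            return
        for callee in sorted(graph.get(path[-1], ())):
            if callee not in path:  # skip recursion cycles
                walk(path + [callee])
    for entry in sorted(graph):
        if entry.partition("->")[2] in LIFECYCLE:
            walk([entry])
    return chains

# Constructed sample: one disassembled class; all names are hypothetical.
SAMPLE = """
.class public Lcom/example/shop/MainActivity;
.method protected onResume()V
    invoke-static {p0}, Lcom/example/shop/MainActivity;->check(Landroid/content/Context;)V
.end method
.method public static check(Landroid/content/Context;)V
    invoke-virtual {v0}, Landroid/content/ClipboardManager;->getPrimaryClip()Landroid/content/ClipData;
.end method
.method public onClick(Landroid/view/View;)V
    invoke-virtual {v0}, Landroid/content/ClipboardManager;->getText()Ljava/lang/CharSequence;
.end method"""
```

On the sample, `clipboard_call_chains(SAMPLE)` returns the single chain onResume -> check -> getPrimaryClip; the read inside `onClick` is not reported because it follows a user action.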

Kimberly Gedeon
