As of a few years ago, iOS started showing a modal warning whenever an app tried to read your clipboard. This was done to prevent apps from transparently monitoring your clipboard and gobbling up whatever was there. Some apps did this for nefarious reasons, while others had practical user-centric reasons to do it. It’s my opinion that Apple’s solution has done a good job stopping bad apps from doing this, but it’s also negatively impacted the user friendliness of apps doing it for good reasons. I want to come up with a tweak that I think strikes a better balance between privacy and convenience.

The problem

The screenshot at the top of this post is one that I see in two apps almost daily: Parcel and Readwise Reader. Parcel shows it when I go to add a new package to track. It assumes that I likely have the tracking number I want to track on my clipboard, so it tried to autofill the tracking number with that value for me, but this modal adds a tap to the process. Readwise Reader checks the clipboard on app load and if there is a URL there, it shows a UI element that lets me save this URL to my reading list with a tap. Again, the modal slows this down.

I've been annoyed by these pop ups so many times that I posted a snark about them on Mastodon, and while some people took that the wrong way (story for another day), it seemed to resonate with a lot of people.

So how do we make the experience better while not enabling bad apps from clipboard surfing?

The workaround today

Quick aside here to mention that you actually can remove this modal in some apps already by going to the Settings app and then scrolling to the list of apps at the bottom. Tap on the app you want to change and tap into it. There should be a setting for "Paste From Other Apps" that you can set to ask, deny, or allow. Set it to "allow" and you'll never see the modal alert again.

Thanks to some helpful people on Mastodon, I discovered this was a thing, and my solution below is basically bringing this interface more front-and-center.

My suggestion

I would love to see is a modal like this come up when an app tries to read your clipboard:

Give me the option to approve the paste just this once, allow it whenever this app is in use, or just don’t allow it. The position and wording of each option is negotiable, but something like this would (in my view) help people continue to control which apps can access their clipboard, as well as let you approve certain apps of your choice with ease. And the three dots at the end of the middle option indicates a confirmation message would appear, briefly explaining the risks of this access, and how personal info like passwords could be on your clipboard, so be careful.

Apple could even hide the "always allow…" option until the user had allowed an app to see the clipboard like 5 times in a row. That would avoid giving full access to apps that you don't want to give it to, and it even helps keep the number of apps with this always access down. After saying "allow paste" in Parcel 100+ times in the past few years and never hitting no, it might be safe to let me just say "always allow" at this point, but maybe an app where I paste once in a blue moon doesn't need it.

They could go the other way as well: if you deny an app a few times in a row, there could be a new option the next time that asks if you want to block this app from the clipboard forever.

And as they've done recently with location, photos, and calendar access, it could make sense to occasionally show an alert that tells the user that this app has access to your clipboard and how often it's used that access in the last X days.

Finally, iOS could have some intelligence to know what's on your clipboard and behave differently based on what is currently on your clipboard. It would be an imperfect science, but maybe iOS could always show the modal when it thinks a password is on your clipboard. This could be done with regex, an ML model, or as the modal states, it knows what app you copied something from, so maybe anything copied from a password manager would always show the modal. Do the same for things like SSNs, driver's licenses, credit card numbers, and anything else that is likely to be sensitive, but let things like URLs, emails, and just normal text could seamlessly work in apps you have given enhanced access.

Precedence

There’s absolute precedence for this on iOS, as those options in my mock up are taken word-for-word from the location access permission. In fact, you can give an app unfettered and eternal access to things like your microphone, camera, entire photo library, exact real time location, and notifications. Here are the alerts all showing in the Facebook app:

Apps on iOS are able to be granted eternal access to our photo libraries, which have location data, photos of sensitive things like driver’s licenses and other personal items, and potentially risqué photos of you and loved ones. I think that these are heightened permissions, and not all apps need them, so gating them at the OS level with user control seems right to me.

Imagine if you opened Photomator and it asked you for Photos access before opening a photo. Or Halide pestering you for camera access every time you opened the app. Or Ferrite asking for microphone access every time you went to record a podcast. These all sound terrible to me, but it’s how clipboard access works today (unless you're one of the few that knows about the buried setting mentioned in the workaround above).

My proposal is basically to tap into those permissions that already exist in the Settings app and make them more accessible to users, just like other sensitive info on iOS.

Final thoughts

I see the value in the modal as it exists today, and I don't think we should go back to a world where all iOS apps could get unfettered access to your clipboard without your consent. I think my suggestion maintains the protections the current solution offers, makes it easier for people to have a better experience in the apps they trust and use all the time, and makes it easier to full on block apps that you never want to see your clipboard. I also think that the periodic reminders, and only showing the "always allow" or "always block" options after a user has shown how willing they are for an app to see their clipboard, would help mitigate any new risk introduced by this change. Privacy is always a balancing act between security and convenience, and I think the current solution errs a bit too far on the security end at the expense of convenience.