grepx/android-clipboard-security

Excellent Topic

TonyTangAndroid opened this issue · 2 comments

Hi there,

I am not trying to raise an issue here. I just would like to let you know that I share the exact thought with you. It is so odd to me that Clipboard Listener does not require any permission at all. And with the Internet Permission, this is just insane.

That is the reason why I developed AnyCopy, which is a clipboard manager app that does NOT require Internet Permission to eliminate the possibility that the app would upload the data to the server. You might want to give it a try.

Best regards,
Tony

I realize this is two years later, but I'm posting for future readers. Tony please consider closing this issue. Your app does not fix the main problem raised by this repo. Multiple apps (including yours) can access the ClipboardManager service when the clipboard changes. Your app not requiring the intermet permission only means that your app won't be able to upload the clipboard somewhere. Any other app that has internet access will be able to do this.

As mentioned in the README of this project, the only way for an app to handle sensitive information is to do autofill or a custom keyboard to input the text directly from the trusted app.