Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Android Google IT

Android Q Will Kill Clipboard Manager Apps in the Name of Privacy (androidpolice.com) 42

Bolstering privacy is one of the primary focuses for Google in Android Q, the latest version of its mobile operating system, and that may spell trouble for some of your favorite apps. From a report: In Android Q, Google has restricted access to clipboard data as previously rumored, which means most apps that currently aim to manage that data won't work anymore. Having an app that sits in the background and collects clipboard data can be a handy way to recall past snippets of data. However, that same mechanism could be used for malicious intent. Google's playing it safe by restricting access to clipboard data to input method editors (you might know those as keyboards). Foreground apps that have focus will also be able to access the clipboard, but background apps won't.
This discussion has been archived. No new comments can be posted.

Android Q Will Kill Clipboard Manager Apps in the Name of Privacy

Comments Filter:
  • Tried to find if they had, but all I find is links to apps to help you with the clipboard. Not a knock at any os.

    Hopefully, this will become the new norm of the mobile.
    • by BringsApples ( 3418089 ) on Friday March 15, 2019 @02:45PM (#58280418)

      This App needs access to the following:

      Add/Remove Contacts
      Make & receive phone calls and texts
      Storage
      Wifi
      Bluetooth
      Multimedia
      View Network State
      Automatically start at boot
      Read Phone State and Identity
      Write Contact Data
      Modify/Delete SD Card Contents
      Access to Clipboard

      Whoa, that last one is just too much!

      • It's a start I guess, have to start someplace.
        • by rtb61 ( 674572 )

          No great confidence in Alphabet/Google, I mean to say, a company with the name of Alphabet, can not even reproduce the Alphabet on the keyboards, no all the children must learnt the new QWERTY alphabet, all indexes rewritten to suit the anal retentive types at Google, they had to learn qwerty so fuck all future generations, they can learn it to, what a fucking pack of arse holes.

      • That last one really IS to much as now you have an app that can intercept your password manager.

  • by Anonymous Coward

    If Google took Android security seriously, they'd add a lot more permissions, and they'd make default permission setting "lie to the app and tell it that it has the permission it requested, and then just let it fail silently / return all zeros."

    In this case, the app could believe it has clipboard access, but it just never sees any events. If the user truly wants the app to have this unsafe permission, they can go in and click through some "warning: this is dangerous" menu and give the app the actual permiss

    • If Google took Android security seriously, they'd add a lot more permissions, and they'd make default permission setting "lie to the app and tell it that it has the permission it requested, and then just let it fail silently / return all zeros."

      In this case, the app could believe it has clipboard access, but it just never sees any events. If the user truly wants the app to have this unsafe permission, they can go in and click through some "warning: this is dangerous" menu and give the app the actual permission.

      I'd write an app that does this but it would need access to the clipboard...

    • by Solandri ( 704621 ) on Friday March 15, 2019 @03:13PM (#58280580)

      If Google took Android security seriously, they'd add a lot more permissions, and they'd make default permission setting "lie to the app and tell it that it has the permission it requested, and then just let it fail silently / return all zeros."

      That is in fact what Android has done since Marshmallow (version 6.0, released 2015). When you install an app, it has no permissions unless the user explicitly grants them. Marshmallow had a somewhat clumsy app permission settings interface. But later versions pop up a dialog asking whether or not you want to grant a permission the first time an app tries to do something needing that permission. If you don't grant it, the OS lets the app proceed as if it has permission, and it will either fail silently and work, or return all zeros and crash. Depends on how the author coded the app.

      The only major permission that's allowed by default and cannot be blocked is network access. Probably because giving the user control of that turns ad-driven apps into free apps (at least that's what happens when I deny network permission to apps on my rooted Android phone). Clipboard access is currently allowed, but apparently that's going away (TFA doesn't make clear if it's going to be prohibited entirely, or become user-selectable with Q).

      • by Anonymous Coward

        [Disclaimer: I'm the grandparent AC]

        I guess I should have been more explicit. No, that's NOT how Android 6 permissions work. It's how we wish they worked. This comes up every thread about Android permissions, so I got lazy and didn't spell it out:

        Android 6 permissions are not sufficient (at least not as implemented on 6, 7, or 8.1; I don't know about 9), because they allow the app to know it doesn't have the permissions, and it will nag you every time you use the app. The default needs to be what you claim

        • It's going to be pretty trivial to write an app in any operating system that can test what is capable of accessing and "nag" you. I could write a Powershell or Bash script in about five minutes that would alert a user "Hey, you need to open write access to C:\WINDOWS or /etc".

      • by jrumney ( 197329 ) on Friday March 15, 2019 @04:33PM (#58280920)
        What they are currently missing is an "always ask" permission. You can either grant it permanently or deny it permanently (you can change the permissions deep within settings, but it isn't trivial to do, and there isn't an option to ask again). Even if the app doesn't make sense to use without a permission, I might still like to know when it is using the permission, especially if it is accessing my mic, camera or location.
    • by crow ( 16139 )

      Absolutely!

      Need contacts? Either get the real ones or a fake empty list. Or possibly get some edited set. Or yes, but restricted to just names and phone numbers (or names and email for an email client).

      Need location? Either get the real location, or just get a static location defined by the user.

      Need storage? Either get it for real, or get a restricted app-specific subdirectory.

      Need the network? Either get it, or tell the app that you're offline. Oh, and add this back as a permission even if almost ev

      • by tepples ( 727027 )

        Need contacts? Either get the real ones or a fake empty list. Or possibly get some edited set.

        Would all apps on a given phone share the same "edited set"?

        Need location? Either get the real location, or just get a static location defined by the user.

        If this were to transpire, then movie streaming apps would quickly become exclusive to iOS, as streaming providers would have no way to verify that the user of an Android device is physically in a country (or a digital single market confederation) where the provider has licensed the movie.

        Need the network? Either get it, or tell the app that you're offline.

        "To continue using this feature, connect to the Internet. For advanced offline capability, subscribe to Offline Pack next time you're online."

        • by crow ( 16139 )

          Would all apps on a given phone share the same "edited set"?

          Ideally you could create as many sets of "contacts" as you like and define which set each app sees.

          If this were to transpire, then movie streaming apps would quickly become exclusive to iOS, as streaming providers would have no way to verify that the user of an Android device is physically in a country (or a digital single market confederation) where the provider has licensed the movie.

          Non-sense. The services work just fine on desktop systems with

          • Ideally you could create as many sets of "contacts" as you like and define which set each app sees.

            If a user has 100 contacts and 50 apps installed, the user would have to sit and make 5,000 decisions as to whether to expose each contact to each app. What user interface do you propose to accomplish this in a reasonable time?

            The services work just fine on desktop systems without GPS. They'll just fall back to geo-IP databases. No big deal.

            The operators of said services would adjust the heuristics for VPN detection to allow more false positives on desktop or on mobile platforms that can fake location.

            "To continue using this feature, connect to the Internet. For advanced offline capability, subscribe to Offline Pack next time you're online."

            They could do that now.

            They already do that now, as in EA's SimCity, Nintendo's Super Mario Run, and any other video game that continuously phon

    • There's a usability issue. Even Microsoft conceals a lot of permissions from most users. The whole notion of the Windows Power User was to open it up for those who had the capability. Android does have a lot of fine-grained permissions opened up now, but they're something you are going to have to dig for, because, let's be honest here, most users would probably screw things up royally if they went around monkeying with permission settings.

      • Android does have a lot of fine-grained permissions opened up now, but they're something you are going to have to dig for, because, let's be honest here, most users would probably screw things up royally if they went around monkeying with permission settings.

        As long as they have some easy way to reset 'em, who cares? Let them break things... and then fix them.

  • by Anonymous Coward

    Pie update broke Keepass2 keyboard, so I have to use the clipboard. Not cool. Now Q will break that. Nothing like breaking the security of a password manager for security reasons.

    Hey, Google! How about asking THE USER for permission. "Background Clipboard Access?" Why would a have need that!?

    Google's permission controls were great, when they finally got enabled. But they didn't make them granular enough up front (why does an app need permission to "make & receive phone calls" just to get to the unique d

  • To me it feels like cut and paste is not heavily used on mobile devices, so I'm not sure if this move hurts more than it helps...

    A pasteboard is just one of many conduits to get data to another application, and should be the choice of last resort.

    • Comment removed based on user account deletion
    • To me it feels like cut and paste is not heavily used on mobile devices, so I'm not sure if this move hurts more than it helps...

      I remember way back, when iOS didn't have a(n easily accessible) copy + paste function. Apple got a lot of well-deserved grief over that.

      Sometimes you don't realize how often you use something until it is not available to you...

  • I guess that'll kill KDE Connect's ability to copy text from my desktop to my phone. That's sad, because it's the only thing that makes texting long links or quotes tolerable (from things that I'm reading on my desktop, since I inflict mobile browsers on myself only when necessary).

    Hopefully KDE Connect can improve their desktop texting interface enough that I can simply text from desktop to avoid the need for clipboard sharing.

  • https://play.google.com/store/apps/details?id=com.catchingnow.tinyclipboardmanager&hl=en_US

  • ... are so useful! https://play.google.com/store/... [google.com] is the first aopp I install on any Android device!

The perversity of nature is nowhere better demonstrated by the fact that, when exposed to the same atmosphere, bread becomes hard while crackers become soft.

Working...