Android Q Will Kill Clipboard Manager Apps in the Name of Privacy (androidpolice.com) 42
Bolstering privacy is one of the primary focuses for Google in Android Q, the latest version of its mobile operating system, and that may spell trouble for some of your favorite apps. From a report: In Android Q, Google has restricted access to clipboard data as previously rumored, which means most apps that currently aim to manage that data won't work anymore. Having an app that sits in the background and collects clipboard data can be a handy way to recall past snippets of data. However, that same mechanism could be used for malicious intent. Google's playing it safe by restricting access to clipboard data to input method editors (you might know those as keyboards). Foreground apps that have focus will also be able to access the clipboard, but background apps won't.
Have other os's done this yet? (Score:2)
Hopefully, this will become the new norm of the mobile.
Re:Have other os's done this yet? (Score:5, Funny)
This App needs access to the following:
Add/Remove Contacts
Make & receive phone calls and texts
Storage
Wifi
Bluetooth
Multimedia
View Network State
Automatically start at boot
Read Phone State and Identity
Write Contact Data
Modify/Delete SD Card Contents
Access to Clipboard
Whoa, that last one is just too much!
Re: (Score:2)
Re: (Score:2)
No great confidence in Alphabet/Google, I mean to say, a company with the name of Alphabet, can not even reproduce the Alphabet on the keyboards, no all the children must learnt the new QWERTY alphabet, all indexes rewritten to suit the anal retentive types at Google, they had to learn qwerty so fuck all future generations, they can learn it to, what a fucking pack of arse holes.
Re: (Score:3)
Except that it's not a joke. I'm pointing out the absurdity in the situation.
Re: (Score:2)
Android 7+ makes you specifically turn on File access or camera access when first used so you can install the app and later revoke it if you want to and it prevents it from accessing the camera unless enabled specifically, so this problem has been solved but you would need a later version of Android installed that's 7+, believe it's called Nougat and it's part of the OS in the LineageOS port I use.
Re: (Score:3)
That last one really IS to much as now you have an app that can intercept your password manager.
Re: (Score:2)
Seems like all the previous ones before that nullified the need for a password.
Re: Mobile OS users are too stupid for the interne (Score:1)
I know, right.
Sent from my iPhone.
If Google took Android security seriously (Score:1)
If Google took Android security seriously, they'd add a lot more permissions, and they'd make default permission setting "lie to the app and tell it that it has the permission it requested, and then just let it fail silently / return all zeros."
In this case, the app could believe it has clipboard access, but it just never sees any events. If the user truly wants the app to have this unsafe permission, they can go in and click through some "warning: this is dangerous" menu and give the app the actual permiss
Re: (Score:2)
If Google took Android security seriously, they'd add a lot more permissions, and they'd make default permission setting "lie to the app and tell it that it has the permission it requested, and then just let it fail silently / return all zeros."
In this case, the app could believe it has clipboard access, but it just never sees any events. If the user truly wants the app to have this unsafe permission, they can go in and click through some "warning: this is dangerous" menu and give the app the actual permission.
I'd write an app that does this but it would need access to the clipboard...
Re:If Google took Android security seriously (Score:5, Insightful)
That is in fact what Android has done since Marshmallow (version 6.0, released 2015). When you install an app, it has no permissions unless the user explicitly grants them. Marshmallow had a somewhat clumsy app permission settings interface. But later versions pop up a dialog asking whether or not you want to grant a permission the first time an app tries to do something needing that permission. If you don't grant it, the OS lets the app proceed as if it has permission, and it will either fail silently and work, or return all zeros and crash. Depends on how the author coded the app.
The only major permission that's allowed by default and cannot be blocked is network access. Probably because giving the user control of that turns ad-driven apps into free apps (at least that's what happens when I deny network permission to apps on my rooted Android phone). Clipboard access is currently allowed, but apparently that's going away (TFA doesn't make clear if it's going to be prohibited entirely, or become user-selectable with Q).
Re: (Score:1)
[Disclaimer: I'm the grandparent AC]
I guess I should have been more explicit. No, that's NOT how Android 6 permissions work. It's how we wish they worked. This comes up every thread about Android permissions, so I got lazy and didn't spell it out:
Android 6 permissions are not sufficient (at least not as implemented on 6, 7, or 8.1; I don't know about 9), because they allow the app to know it doesn't have the permissions, and it will nag you every time you use the app. The default needs to be what you claim
Re: (Score:3)
It's going to be pretty trivial to write an app in any operating system that can test what is capable of accessing and "nag" you. I could write a Powershell or Bash script in about five minutes that would alert a user "Hey, you need to open write access to C:\WINDOWS or /etc".
Re: If Google took Android security seriously (Score:5, Interesting)
Re: (Score:2)
Absolutely!
Need contacts? Either get the real ones or a fake empty list. Or possibly get some edited set. Or yes, but restricted to just names and phone numbers (or names and email for an email client).
Need location? Either get the real location, or just get a static location defined by the user.
Need storage? Either get it for real, or get a restricted app-specific subdirectory.
Need the network? Either get it, or tell the app that you're offline. Oh, and add this back as a permission even if almost ev
Re: (Score:3)
Need contacts? Either get the real ones or a fake empty list. Or possibly get some edited set.
Would all apps on a given phone share the same "edited set"?
Need location? Either get the real location, or just get a static location defined by the user.
If this were to transpire, then movie streaming apps would quickly become exclusive to iOS, as streaming providers would have no way to verify that the user of an Android device is physically in a country (or a digital single market confederation) where the provider has licensed the movie.
Need the network? Either get it, or tell the app that you're offline.
"To continue using this feature, connect to the Internet. For advanced offline capability, subscribe to Offline Pack next time you're online."
Re: (Score:2)
Ideally you could create as many sets of "contacts" as you like and define which set each app sees.
Non-sense. The services work just fine on desktop systems with
Making 5,000 decisions to exclude a contact (Score:2)
Ideally you could create as many sets of "contacts" as you like and define which set each app sees.
If a user has 100 contacts and 50 apps installed, the user would have to sit and make 5,000 decisions as to whether to expose each contact to each app. What user interface do you propose to accomplish this in a reasonable time?
The services work just fine on desktop systems without GPS. They'll just fall back to geo-IP databases. No big deal.
The operators of said services would adjust the heuristics for VPN detection to allow more false positives on desktop or on mobile platforms that can fake location.
"To continue using this feature, connect to the Internet. For advanced offline capability, subscribe to Offline Pack next time you're online."
They could do that now.
They already do that now, as in EA's SimCity, Nintendo's Super Mario Run, and any other video game that continuously phon
android:debuggable="false" (Score:2)
How well does Android Debug Bridge work on apps whose debuggable attribute has been set to false?
Re: (Score:3)
There's a usability issue. Even Microsoft conceals a lot of permissions from most users. The whole notion of the Windows Power User was to open it up for those who had the capability. Android does have a lot of fine-grained permissions opened up now, but they're something you are going to have to dig for, because, let's be honest here, most users would probably screw things up royally if they went around monkeying with permission settings.
Re: (Score:2)
Android does have a lot of fine-grained permissions opened up now, but they're something you are going to have to dig for, because, let's be honest here, most users would probably screw things up royally if they went around monkeying with permission settings.
As long as they have some easy way to reset 'em, who cares? Let them break things... and then fix them.
Pie Broke Keepass2 Keyboard (Score:2, Interesting)
Pie update broke Keepass2 keyboard, so I have to use the clipboard. Not cool. Now Q will break that. Nothing like breaking the security of a password manager for security reasons.
Hey, Google! How about asking THE USER for permission. "Background Clipboard Access?" Why would a have need that!?
Google's permission controls were great, when they finally got enabled. But they didn't make them granular enough up front (why does an app need permission to "make & receive phone calls" just to get to the unique d
Seems like a low-risk thing to go after. (Score:2)
To me it feels like cut and paste is not heavily used on mobile devices, so I'm not sure if this move hurts more than it helps...
A pasteboard is just one of many conduits to get data to another application, and should be the choice of last resort.
Re: (Score:2)
Re: (Score:2)
To me it feels like cut and paste is not heavily used on mobile devices, so I'm not sure if this move hurts more than it helps...
I remember way back, when iOS didn't have a(n easily accessible) copy + paste function. Apple got a lot of well-deserved grief over that.
Sometimes you don't realize how often you use something until it is not available to you...
KDE Connect (Score:2)
I guess that'll kill KDE Connect's ability to copy text from my desktop to my phone. That's sad, because it's the only thing that makes texting long links or quotes tolerable (from things that I'm reading on my desktop, since I inflict mobile browsers on myself only when necessary).
Hopefully KDE Connect can improve their desktop texting interface enough that I can simply text from desktop to avoid the need for clipboard sharing.
Boo... not cool I like Clip Stack (Score:2)
https://play.google.com/store/apps/details?id=com.catchingnow.tinyclipboardmanager&hl=en_US
Clipboard Manager on small devices... (Score:2)