Difficult to know why the company uses this practice for the time being. A privacy issue ?
With iOS 14, Apple has made some improvements to its iPhone-side security. Only available in beta version for the general public to this day, the software allows you to alert users when an application reads the content of their clipboard, which stores all the information that is copied to be pasted elsewhere. Typical use case : you are using Facebook on Chrome, but decide to download the official client of the social network on the App Store, more convenient. To connect to the app, so you’ll need to copy the password stored in your browser so you can paste it in app Facebook just installed.
During the manipulation, the iPhone keeps your secret code in a memory cache… To which all the other applications installed on your mobile have access if they so wish. Among them, it is the FinTech French Shine that has just been pinned by iPhon.fr to regularly review these potentially sensitive information without informing its customers. To recall, the firm came under the fold of the Company General a few days earlier, and has a large database of over 70 000 members. So many potential victims, so.
What are the risks to your personal data ?
If it is still hard to know if Android is also concerned, it should also be noted that this questionable behaviour has previously been marred once more the reputation of ByteDance, chinese society publisher of TikTok, which is very popular among teenagers. Shine is so far from being the first to take advantage of this ” loophole “, totally assumed by Apple until now. But his character is regular and automatic is particularly disturbing : indeed, the néobanque seems to actually refer to the content of the clipboard each time that text is copied from elsewhere in iOS, at least if his application is opened subsequently. Here what looks like the famous notification in question in the case :
Shine does not release an official response as a result of this incident. Nevertheless, one may hope that an update correcting this problem to be quickly deployed by the developers of the ex-startup, by a pledge of security : security is the least of things from a service manager of the exchange bank.
Update – Here are the elements of a response transmitted by Shine :
Right of reply of Shine :
You have sent us a message yesterday evening, Sunday, we are asking for items before publication of your article this Monday morning at 8am. After analysis from our side, here are the answers to your questions.
Shine accesses voluntarily to the clipboard on a couple of occasions : when a user copy the referral link to send to a close, and when a user copy the link of an invoice to send it via a means other than through the application. In both of these cases very precise, the access to the clipboard is used to write elements (what the user wants to copy), and not to retrieve data.
As a result of your feedback, we discovered that there was a third occasion, which we were not aware, and that was the fact a third-party tool that we use. According to the information we have is that the tool in question uses this access to check for the presence of a type of a particular link in the clipboard. Thus, contrary to what you stated in the title of your article, Shine does not read the contents of the clipboard : access used was used only to verify the presence of a content type (i.e. a type of link), but not to view the content present.
Shine does not need this access and we have made the necessary changes with the tools in question to disable it. This will be effective in the next update of the application.
Thank you for having submitted it ! We take to heart the topics that are related to the protection of privacy, and we therefore encourage all users to contact us directly when they have a doubt on this subject : firstname.lastname@example.org.