Demo: Android 14 Clipboard Manager Data Leak Security Issue
fingerprint.comUnless I'm misreading this, it sounds like an app can only suppress the clipboard paste toast if either:
1) It's a system app, and thus has permission to "legally" suppress the notification. This can be a problem for pre-installed third-party apps. But if your phone doesn't have those, you're fine. (More or less; I don't love the idea that system apps can suppress the notification, period.)
2) It's an app that you've explicitly granted permission to draw over top of other apps. Which is a permission that's hard to accidentally grant, and is a permission that you shouldn't grant to any app, unless you super super super super trust it.
Seems like kinda a nothingburger?
Drawing over other apps is a problem too. On my OnePlus, I just checked, there are 23 apps with the permission to draw over other apps, but only 3 of those are the ones I've explicitly allowed.
20/23 apps are Google, OnePlus, or Android System apps. I never knew so many of them had this permission!
The 20 apps are all pre-installed from factory. If you don't trust those, then you need to change your device. There is no trivial way of removing them short of rooting or flashing a new ROM.
Even factory apps ought to be given the minimum permissions needed to do their job - otherwise someone will find an exploit for one and have an easier time doing evils.
Use App Manager from f-droid and enable adb mode or wireless debugging and then freeze the unwanted apps. The manual tells you exactly how to use adb over USB or enable wireless debugging.
> Seems like kinda a nothingburger?
Yep, it's a nothingburger (which also explains why it's not filed through a security disclosure and getting a CVE).
Just declaring draw over apps permission will also kick you into a much more rigorous Play Store review if you try to publish the app.
The first scenario is a possibility for a lot of budget phones, as well as carrier-distributed phones. Both include bundled third party "system" apps, especially the budget phones where the bundleware is more likely to be from questionable devs.
It's something most of us knew already, but it's just another reason why it's a bad idea to buy dirt cheap crapware-subsidized phones, and why it's better to buy phones through electronics retailers or from the manufacturer and to steer clear of purchasing through carriers.
If the main attack vector is "software preinstalled by shady manufacturers", I'd still file that under "nothingburger". There are many, many ways for shady manufacturers to do shady things with their OEM version of Android, and this is far from a game changer for them.
Hopefully a relatively easy fix on the OS side: ensure that these toasts have a higher z-index than app overlay windows.
Sidenote: I really hope Android doesn't lose the ability to do things like these overlay windows.
These types of "power user" features are often where innovation happens. It makes me sad when flexible general purpose APIs are replaced with locked down, specific ones. (e.g. overlay windows API -> a specific "chat heads" API).
The new APIs might be fine for current use cases, but ensure that innovation terminates at whatever th OS vendor designed.
> Hopefully a relatively easy fix on the OS side: ensure that these toasts have a higher z-index than app overlay windows.
The point of the system overlay permission is to draw on top of everything else. Maybe Android should introduce some kind of overlay overlay overlay to overlay clipboard messages, but I think that would probably overcomplicate the API.
Perhaps it's better to instead send a notification when an application rendering a system overlay accesses the clipboard as well. That way, users closing out of the app can see that the application has accessed the clipboard.
Of course sufficiently privileged applications can dismiss notifications, but that requires even more difficult to attain permissions.
I think this makes a good case for something in between that can display the annoying popup chat bubbles, but can't override toasts.
Or just make it so the system-wide Toast cannot be overdrawn, it will always stay on top.
An overlay buster buster
> It makes me sad when flexible general purpose APIs are replaced with locked down, specific ones. (e.g. overlay windows API -> a specific "chat heads" API).
Doesn't have to be a replacement. It's good when you add specific APIs to do specific things that aren't very dangerous and then have the super dangerous one left as a risk signal. Innovation can still happen, common things get easier, and dangerous things get rarer. Feels pretty good to me.
I can see the issue, but SYSTEM_ALERT_WINDOW isn't a permission you'd normally give to an app. You can probably trick some users into giving that permission, but it's not easy and Google Play will probably kick your app out of the Play Store if you try to use it in the first place.
Abuse from system apps is a potential threat but you can't really do much about those. System apps can bypass all manners of restrictions, I'm not sure if clipboard access is something to be particularly worried about when system apps can already read your entire SD card and bypass app firewalls/VPNs.
It seems like nothing changes in Android 14? Like at worst it's still possible on 14, whatever it is, but my impression from the title was that it's a new issue with 14 making me think I should delay updating.
I wish there was a way to view apps by permission- so I wouldn't have to audit every app individually. Is this possible?
Settings > Privacy > Permission manager
Settings > Apps > Special app access