electricpete
Android Expert
======PROBLEM======
To my understanding, certain Samsung phones (including my Galaxy S4 running stock rooted 4.3) have an extended-clipboard feature, which stores the last 20 items clipped. But this functionality is not a part of other Android phones, is not well publicized, and is not always obvious to the user. So we may be fooled into thinking that we can erase sensitive clipboard information by writing a single new entry to it (we cannot). If password manager programs attempt to clear the clipboard by writing a single new entry, they will not be successeful
======HOW TO CONFIRM THE PROBLEMATIC BEHAVIOR=======
On a Samsung phone, In ANY (*) text application, type “Text 1” and then copy it to the clipboard. Then type “Text 2” and copy it to the clipboard. Now go to any of the following PARTICULAR (**) applications: Samsung stock SMS, Samsung stock Calendar, or Color Notes (a non-Samsung app!) and long-press in a text input field. You will see options for “paste” and “clipboard”. Select "clipboard". You will see not only "Text 2" (as you'd expect) but also "Text 1" as well as up to 18 other items you recently placed on the clipboard.
=======MY DISCUSSION:=======
* ANY application places info INTO the 20-deep list.
** only PARTICULAR applications (mostly Samsung applications, but also a few others) retrieve info OUT OF the 20-deep list.
If you only interact with applications that are NOT of the 2nd type (example of apps that are NOT of second type are Google Keep, Google Tasks, Gmail, Classic Notes), then you probably don’t see any evidence whatsoever of this 20-deep clipboard list… it seems as if you have only one thing in your clipboard. But those old clipboard items are still hidden there, as you can verify by going into the 2nd type of application. I think all that is required to read this 20-long clipboard history is “read clipboard” permissions.
=======SOLUTIONS THAT DIDN'T WORK=======
1 – Samsung Secure Clipboard Xposed module - did not work for me. It was tested on GS2 but apparently (from my test) doesn’t work for S4
Secure Samsung Clipboard | Xposed Module Repository
2 – Clipboard Cleaner App - FC every time I try to use it. The description says dev is working through problems with Samsung devices
https://play.google.com/store/apps/details?id=com.kodholken.clipboardcleaner&hl=en
=======SOLUTION THAT DID "WORK"=========
What did work to remove old entries from the clipboard is the following Tasker Task
For Variable: %counter Items: 1:20
_____Set Clipboard Text: %counter
End For
Above we simply stuffed something into the clipboard 20 times which fills up the list and makes all the old stuff “fall out” the end of the list. Note that it has to be something different stuffed in each time (if you try to stuff the same thing into the clipboard 20 times, it will ignore 19 of them). The loop variable %counter provides an easy way to create 20 unique entries.
I'm going to manually initiate that task when I am aware there is potentially sensitive info on the clipboard. There might be opportunities to launch the task programmatically as well if your tasker profiles sense a situation that suggests clipboard clearing is needed.
==========GROUP DISCUSSION===========
It took me awhile to sort through this so I’m hoping it might be useful to others. Also I may be missing something along the way. Some possible items for discussion:
1 – Do others experience the same behavior? (“HOW TO CONFIRM THE PROBLEMATIC BEHAVIOR”
2 – Did you realize that your old clipboard items were still available even after a single new item is written to clipboard?
3 - Do you think I have mis-represented the risks in this vulnerability? (assuming we do occasionally put sensitive info on clipboard... it is inconvenient to avoid this)
4 – Are you aware of other way to cope with the problem? I would really prefer to get rid of that 20-deep clipboard altogether, but I don’t think there is a way.
To my understanding, certain Samsung phones (including my Galaxy S4 running stock rooted 4.3) have an extended-clipboard feature, which stores the last 20 items clipped. But this functionality is not a part of other Android phones, is not well publicized, and is not always obvious to the user. So we may be fooled into thinking that we can erase sensitive clipboard information by writing a single new entry to it (we cannot). If password manager programs attempt to clear the clipboard by writing a single new entry, they will not be successeful
======HOW TO CONFIRM THE PROBLEMATIC BEHAVIOR=======
On a Samsung phone, In ANY (*) text application, type “Text 1” and then copy it to the clipboard. Then type “Text 2” and copy it to the clipboard. Now go to any of the following PARTICULAR (**) applications: Samsung stock SMS, Samsung stock Calendar, or Color Notes (a non-Samsung app!) and long-press in a text input field. You will see options for “paste” and “clipboard”. Select "clipboard". You will see not only "Text 2" (as you'd expect) but also "Text 1" as well as up to 18 other items you recently placed on the clipboard.
=======MY DISCUSSION:=======
* ANY application places info INTO the 20-deep list.
** only PARTICULAR applications (mostly Samsung applications, but also a few others) retrieve info OUT OF the 20-deep list.
If you only interact with applications that are NOT of the 2nd type (example of apps that are NOT of second type are Google Keep, Google Tasks, Gmail, Classic Notes), then you probably don’t see any evidence whatsoever of this 20-deep clipboard list… it seems as if you have only one thing in your clipboard. But those old clipboard items are still hidden there, as you can verify by going into the 2nd type of application. I think all that is required to read this 20-long clipboard history is “read clipboard” permissions.
=======SOLUTIONS THAT DIDN'T WORK=======
1 – Samsung Secure Clipboard Xposed module - did not work for me. It was tested on GS2 but apparently (from my test) doesn’t work for S4
Secure Samsung Clipboard | Xposed Module Repository
2 – Clipboard Cleaner App - FC every time I try to use it. The description says dev is working through problems with Samsung devices
https://play.google.com/store/apps/details?id=com.kodholken.clipboardcleaner&hl=en
=======SOLUTION THAT DID "WORK"=========
What did work to remove old entries from the clipboard is the following Tasker Task
For Variable: %counter Items: 1:20
_____Set Clipboard Text: %counter
End For
Above we simply stuffed something into the clipboard 20 times which fills up the list and makes all the old stuff “fall out” the end of the list. Note that it has to be something different stuffed in each time (if you try to stuff the same thing into the clipboard 20 times, it will ignore 19 of them). The loop variable %counter provides an easy way to create 20 unique entries.
I'm going to manually initiate that task when I am aware there is potentially sensitive info on the clipboard. There might be opportunities to launch the task programmatically as well if your tasker profiles sense a situation that suggests clipboard clearing is needed.
==========GROUP DISCUSSION===========
It took me awhile to sort through this so I’m hoping it might be useful to others. Also I may be missing something along the way. Some possible items for discussion:
1 – Do others experience the same behavior? (“HOW TO CONFIRM THE PROBLEMATIC BEHAVIOR”
2 – Did you realize that your old clipboard items were still available even after a single new item is written to clipboard?
3 - Do you think I have mis-represented the risks in this vulnerability? (assuming we do occasionally put sensitive info on clipboard... it is inconvenient to avoid this)
4 – Are you aware of other way to cope with the problem? I would really prefer to get rid of that 20-deep clipboard altogether, but I don’t think there is a way.
