Online shopping has become more convenient than ever thanks to mobile apps allowing us to shop on the go. However, with recent evidence involving an earlier version of SHEIN spying on its users' copy-and-paste activity, it's understandable to feel worried about the safety of your favorite online shopping apps. Microsoft discovered that a version of the Shein Android app was accessing users' clipboard activity and periodically reading it.
The news is alarming, especially considering the Shein app has been downloaded over 100 million times on the Google Play Store. Even if the spying was not malicious, it raises questions about what other apps might secretly collect user data. Cybercriminals often use the behavior of spying on clipboard content to steal sensitive data, collect private information, or even modify copied cryptocurrency wallet addresses to trick victims into sending digital assets to the attacker's wallet.
Microsoft's research team did a deep dive into the app's coding to understand further how the earlier version of Shein's Android app collected and sent clipboard content. They discovered that the app used a common method called a "clipboard listener," which automatically tracks and records every instance of copying and pasting on the user's device. In the case of the Shein app, this information was collected and sent to a remote server without the users' knowledge or consent. This means sensitive data such as passwords, account numbers, and other personal information could have been exposed.
Thankfully, Google has improved the Android platform to prevent this behavior. For instance, on Android 12 and newer, a message appears to notify the user when an application calls Clipboard Manager to access clipboard data from another app. Additionally, Android 13 clears clipboard contents for extra protection.
Although this issue has since been fixed, and Shein has removed the clipboard-spying behavior from its app, this example highlights the potential risks of installed applications, including those obtained from the official app store. Therefore, staying informed about the latest news regarding our privacy and tech companies' use of personal information is essential. Furthermore, with more people relying on apps and online services for their daily activities, it's become increasingly crucial to understand the security risks and take steps to protect ourselves. By regularly updating our apps and devices, being mindful of the information we share online, and staying informed about data breaches and other security issues, we can help ensure that our personal information remains safe and secure.
