Abstract
Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However, insufficient access control on the clipboard in the mobile operating systems exposes its contained data to high risks where one app can read the data copied in other apps and store it locally or even send it to remote servers. Unfortunately, the literature only has ad-hoc studies in this respect and lacks a comprehensive and systematic study of the entire mobile app ecosystem. To establish the missing links, this paper proposes an automated tool, ClipboardScope, that leverages the principled static program analysis to uncover the clipboard data usage in mobile apps at scale by defining a usage as a combination of two aspects, i.e., how the clipboard data is validated and where does it go. It defines four primary categories of clipboard data operation, namely spot-on, grand-slam, selective, and cherry-pick, based on the clipboard usage in an app. ClipboardScope is evaluated on 26,201 out of a total of 2.2 million mobile apps available on Google Play as of June 2022 that access and process the clipboard text. It identifies 23,948, 848, 1,075, and 330 apps that are recognized as the four designated categories, respectively. In addition, we uncovered a prevalent programming habit of using the SharedPreferences object to store historical data, which can become an unnoticeable privacy leakage channel.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the IEEE/ACM 46th International Conference on Software Engineering |
| Pages | 1–13 |
| Publication status | Published - Apr 2024 |
Fingerprint
Dive into the research topics of 'Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps'. Together they form a unique fingerprint.
View full fingerprint
Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver
Cheng, Y., Tang, R., Zuo, C., Zhang, X., Lei, X., Luo, X., & Zhao, Q. (2024). Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (pp. 1–13)
Cheng, Yongliang ; Tang, Ruoqin ; Zuo, Chaoshun et al. / Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 2024. pp. 1–13
@inproceedings{4e230eb9624343df9c02ec47e4bc08fd,
title = "Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps",
abstract = "Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However, insufficient access control on the clipboard in the mobile operating systems exposes its contained data to high risks where one app can read the data copied in other apps and store it locally or even send it to remote servers. Unfortunately, the literature only has ad-hoc studies in this respect and lacks a comprehensive and systematic study of the entire mobile app ecosystem. To establish the missing links, this paper proposes an automated tool, ClipboardScope, that leverages the principled static program analysis to uncover the clipboard data usage in mobile apps at scale by defining a usage as a combination of two aspects, i.e., how the clipboard data is validated and where does it go. It defines four primary categories of clipboard data operation, namely spot-on, grand-slam, selective, and cherry-pick, based on the clipboard usage in an app. ClipboardScope is evaluated on 26,201 out of a total of 2.2 million mobile apps available on Google Play as of June 2022 that access and process the clipboard text. It identifies 23,948, 848, 1,075, and 330 apps that are recognized as the four designated categories, respectively. In addition, we uncovered a prevalent programming habit of using the SharedPreferences object to store historical data, which can become an unnoticeable privacy leakage channel.",
author = "Yongliang Cheng and Ruoqin Tang and Chaoshun Zuo and Xiaokuan Zhang and Xue Lei and Xiapu Luo and Qingchuan Zhao",
year = "2024",
month = apr,
language = "English",
pages = "1–13",
booktitle = "Proceedings of the IEEE/ACM 46th International Conference on Software Engineering",
}
Cheng, Y, Tang, R, Zuo, C, Zhang, X, Lei, X, Luo, X & Zhao, Q 2024, Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps. in Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. pp. 1–13.
Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps. / Cheng, Yongliang; Tang, Ruoqin; Zuo, Chaoshun et al.
Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 2024. p. 1–13.
Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review
TY - GEN
T1 - Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps
AU - Cheng, Yongliang
AU - Tang, Ruoqin
AU - Zuo, Chaoshun
AU - Zhang, Xiaokuan
AU - Lei, Xue
AU - Luo, Xiapu
AU - Zhao, Qingchuan
PY - 2024/4
Y1 - 2024/4
N2 - Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However, insufficient access control on the clipboard in the mobile operating systems exposes its contained data to high risks where one app can read the data copied in other apps and store it locally or even send it to remote servers. Unfortunately, the literature only has ad-hoc studies in this respect and lacks a comprehensive and systematic study of the entire mobile app ecosystem. To establish the missing links, this paper proposes an automated tool, ClipboardScope, that leverages the principled static program analysis to uncover the clipboard data usage in mobile apps at scale by defining a usage as a combination of two aspects, i.e., how the clipboard data is validated and where does it go. It defines four primary categories of clipboard data operation, namely spot-on, grand-slam, selective, and cherry-pick, based on the clipboard usage in an app. ClipboardScope is evaluated on 26,201 out of a total of 2.2 million mobile apps available on Google Play as of June 2022 that access and process the clipboard text. It identifies 23,948, 848, 1,075, and 330 apps that are recognized as the four designated categories, respectively. In addition, we uncovered a prevalent programming habit of using the SharedPreferences object to store historical data, which can become an unnoticeable privacy leakage channel.
AB - Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However, insufficient access control on the clipboard in the mobile operating systems exposes its contained data to high risks where one app can read the data copied in other apps and store it locally or even send it to remote servers. Unfortunately, the literature only has ad-hoc studies in this respect and lacks a comprehensive and systematic study of the entire mobile app ecosystem. To establish the missing links, this paper proposes an automated tool, ClipboardScope, that leverages the principled static program analysis to uncover the clipboard data usage in mobile apps at scale by defining a usage as a combination of two aspects, i.e., how the clipboard data is validated and where does it go. It defines four primary categories of clipboard data operation, namely spot-on, grand-slam, selective, and cherry-pick, based on the clipboard usage in an app. ClipboardScope is evaluated on 26,201 out of a total of 2.2 million mobile apps available on Google Play as of June 2022 that access and process the clipboard text. It identifies 23,948, 848, 1,075, and 330 apps that are recognized as the four designated categories, respectively. In addition, we uncovered a prevalent programming habit of using the SharedPreferences object to store historical data, which can become an unnoticeable privacy leakage channel.
M3 - Conference article published in proceeding or book
SP - 1
EP - 13
BT - Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
ER -
Cheng Y, Tang R, Zuo C, Zhang X, Lei X, Luo X et al. Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 2024. p. 1–13
