Microsoft explores Shein, an app that accesses the clipboard on Android devices

A version of the Shein shopping app, which has more than 100 million downloads on Google Play, unnecessarily accessed the clipboard of Android devices and transmitted content to a remote server, raising security concerns.

In a March 6 blog post, Microsoft researchers said they discovered the issue in version 7.9.2 of the app, released on December 16, 2021, and confirmed that Shein had been working on it since May 2022. Users should update the installed application to prevent potential malicious attacks.

Clipboards can be an attractive target for cyberattacks because mobile users often use them to copy and paste sensitive information such as login credentials, financial information, and personal information. Threat actors can exfiltrate clipboard data to launch phishing attacks, steal passwords, or perform other fraudulent activities. There are even examples of attackers modifying clipboard contents for malicious activities, such as changing cryptocurrency wallet addresses, before users paste them into a cryptocurrency wallet application.

Microsoft said it could not determine malicious intent in SHEIN’s case, but suggested that accessing the clipboards was not necessary. SC Media reached out to Shein for more information.

“Even if SHEIN’s behavior on the clipboard did not involve malicious intent, this case highlights the risks of installed apps, including those that are very popular and can be obtained from the platform’s official app store,” Microsoft said.

The tech giant identified and verified Shein’s clipboard behavior by performing static analysis on the app to find “the code responsible for the behavior” and then performing dynamic analysis to run the app “in an instrumented environment to observe the code.”

Following Microsoft’s research findings, Google recognized the potential threats associated with clipboards and made the following efforts to secure the Android platform.