Microsoft explores Shein, an app that accesses the clipboard on Android devices

Microsoft explores Shein, an app that accesses the clipboard on Android devices

A version of the Shein shopping app, which has more than 100 million downloads on Google Play, unnecessarily accessed the clipboard of Android devices and transmitted content to a remote server, raising security concerns.

In a March 6 blog post, Microsoft researchers said they discovered the issue in version 7.9.2 of the app, released on December 16, 2021, and confirmed that Shein had been working on it since May 2022. Users should update the installed application to prevent potential malicious attacks.

Clipboards can be an attractive target for cyberattacks because mobile users often use them to copy and paste sensitive information such as login credentials, financial information, and personal information. Threat actors can exfiltrate clipboard data to launch phishing attacks, steal passwords, or perform other fraudulent activities. There are even examples of attackers modifying clipboard contents for malicious activities, such as changing cryptocurrency wallet addresses, before users paste them into a cryptocurrency wallet application.

Microsoft said it could not determine malicious intent in SHEIN’s case, but suggested that accessing the clipboards was not necessary. SC Media reached out to Shein for more information.

“Even if SHEIN’s behavior on the clipboard did not involve malicious intent, this case highlights the risks of installed apps, including those that are very popular and can be obtained from the platform’s official app store,” Microsoft said.

The tech giant identified and verified Shein’s clipboard behavior by performing static analysis on the app to find “the code responsible for the behavior” and then performing dynamic analysis to run the app “in an instrumented environment to observe the code.”

See also  The best sleep apps of 2023
Example of SHEIN application call chain resulting in clipboard access (Credit: Microsoft)

Following Microsoft’s research findings, Google recognized the potential threats associated with clipboards and made the following efforts to secure the Android platform.

  • On Android 10 and later, apps cannot access clipboard data unless the default input mode editor is set.
  • On Android 12 and later, a toast message notifies the user of clipboard access the first time an app invites access to clip data from another app.
  • On Android 13, the contents of the clipboard will be deleted after a certain period of time to increase protection.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *