Microsoft has found Shein, an app that copies clipboard content on Android phones

by James · March 9, 2023

The app was found to send the contents of the clipboard to a remote server when a particular pattern was present, although it’s unclear if there was any malicious intent behind the behavior.

Shein, the Chinese online fashion retailer, is under scrutiny again after it was discovered that an old version of its mobile app could access the contents of clipboards on Android devices.

It was discovered by Microsoft, whose Threat Intelligence Team worked with Google’s Android security team to ensure that the behavior was removed from the app.

The app was found to send the contents of the clipboard to a remote server when a particular pattern was present, although it’s unclear if there was any malicious intent behind the behavior. As a result of the disclosure, Google reportedly recognized the risks associated with accessing the clipboard and improved the Android operating system.

Microsoft Caught Shein App copies clipboard contents to Android phones

According to a Microsoft consultant, Shein allegedly removed the behavior from the app in May 2022. However, the incident raised concerns about threats to clipboards already seen in the wild.

Shein is the latest Chinese app to be scrutinized by researchers for potentially shady behavior. Last year, as reported by Hackread.comTikTok’s in-app browser has been identified as a potential threat that can monitor user activities on external websites.

These threats put any copied and pasted information at risk of being stolen or modified by attackers, including sensitive information such as passwords, financial data, and cryptocurrency wallet addresses.

To protect against threats, security researchers recommend users to always keep their applications up-to-date and never install applications from untrusted sources. They also recommend that you uninstall apps that exhibit unexpected behavior, such as accessing the clipboard, and report the behavior to the vendor or app store operator.

Microsoft’s Blog Entry also recommends that “Users can protect themselves by watching for the clipboard access message. If the message appears unexpectedly, they should assume that the data on the clipboard is potentially compromised and consider uninstalling any apps that allow suspicious clipboard access.

The incident comes months after Shein’s holding company Zoetop he was fined $1.9 million (£1.69 million) for not properly informing 32 million customers about the data breach.

It is likely to further damage the retailer’s reputation, which it already has faced criticism over the practices of fast fashion and the working conditions of its factories.

As more consumers recognize the security risks associated with mobile apps, retailers and app developers must take greater responsibility for protecting user data and privacy.