suspect banking app

locked

GrapheneOS warned me that a banking app tried to access the telegram messaging app clipboard. Could it be?? I uninstalled it immediately and will be installing it, and another banking app on separate profile dedicated to them.. The offending app is not from a U.S bank. This is an app that updates regularly through Sanboxed Google Play. I was shocked to receive this warning from GoS. Also, as of recently, every time I ran it, a notification comes up telling me that it is doing a Google API integrity check.

ryrona

locked GrapheneOS warned me that a banking app tried to access the telegram messaging app clipboard. Could it be??

I think the warning says "APP pasted content from clipboard", where APP is the name of the app that did read the clipboard content. The warning doesn't say which app the clipboard content was originally copied from, so I am a little bit confused over you saying it said it came from Telegram. It shouldn't have said that. It doesn't for me.

I think it would be interesting to see the exact wording of the warning you saw, if you can reproduce it.

With that said, yes, any foreground app can read the clipboard content, and GrapheneOS warns when this happens. Unless I misremember, the GrapheneOS developers have expressed interest in implementing a way to block specific apps from reading the clipboard, to cope with situations exactly like this one you are experiencing.

Running the app in a secondary user profile is of course also one way to prevent this, since each secondary user profile has its own clipboard, there are no clipboard sharing between secondary user profiles. It is just owner profile and hidden space, and potentially work profiles that have clipboard sharing.

angela

locked Since it's not illegal to track people often or not enforced when illegal, many apps do this. There are tracking scripts/pixels on bank websites, even in health websites. Companies do not care. It's part of why it's good to DNS block ads if you are using Apps like this, although not sure if cdns bypass this. It's corrupt, but the general public doesn't care and governments like it, so it's here to stay.

Onlyfun

locked maybe using a keyboard that offers it's "own" clipboard, that can be set to not be shared, therefore content will be only available to that said keyboard. basic testing by copy-pasting with different keyboards confirmed clipboard is not shared.

to be particular florisboard https://f-droid.org/repo/dev.patrickgold.florisboard_103.apk is the one I described above.

DeletedUser143

Could you make a screenshot of that?

locked

DeletedUser143 I can't, because I have already removed the app.

GrapheneOS

ryrona

With that said, yes, any foreground app can read the clipboard content

No, only the focused app and active keyboard can read the clipboard.

Unless I misremember, the GrapheneOS developers have expressed interest in implementing a way to block specific apps from reading the clipboard, to cope with situations exactly like this one you are experiencing.

That's implemented and going through the final stages of testing and refining it which can take a long time.

locked

ryrona I believe that the dialog box warning mentioned the app by name, that is what startled me.

ryrona

GrapheneOS No, only the focused app and active keyboard can read the clipboard.

Oh okay, I didn't know there was a distinction between an app being in the foreground and being focused. I guess I meant focused app then. Whichever app you have on your screen at the moment is what I meant.

GrapheneOS

We also plan to add a toggle for making the Private Space clipboard separate soon.

locked

angela Well, I will put a lid on them, by isolating them in their own separate profile.

GrapheneOS

ryrona You can have multiple apps on screen via split screen or free form window mode but only the focused one can read it. Also, foreground services exist.

Hat

locked If you have received a notification, you can view the last 24 hours in the Notification history under Settings.

locked

Hat I wish someone would have mentioned this earlier. It's been over 48 hours.