Security News > 2023 > March > SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
What we didn't know, even as this case was grinding through the New York judicial system, was that SHEIN was adding some curious code to its Android app that turned it into a basic sort of "Marketing spyware tool".
We then performed a dynamic analysis by running the app in an instrumented environment to observe the code, including how it read the clipboard and sent its contents to a remote server.
Presumably, making clipboard access permissions very much stricter and more restrictive would have been a better solution in theory, as would being more rigorous with Play Store app vetting, but we're assuming that these response were considered too intrusive in practice.
Apparently, in Android 10 and later, an app can't read the clipboard at all unless it's running actively in the foreground.
Roid 12 and later will pop up a warning message to say "XYZ app pasted from your clipboard", but apparently this warning only appears the first time it happens for any app, not on subsequent clipboard grabs.
Consider removing applications with unexpected behaviors, such as clipboard access [] notifications, and report the behavior to the vendor or app store operator.