Skip to content

MASTG-TEST-0278: Pasteboard Contents Not Cleared After Use

Overview

This test checks if the app clears the contents of the general Pasteboard when it moves to the background or terminates. If sensitive data is left in the pasteboard, it can be accessed by other apps, leading to potential data leaks.

Apps can clear the contents of the general pasteboard by setting UIPasteboard.general.items = [] in the appropriate lifecycle methods, such as applicationDidEnterBackground: or applicationWillTerminate:. This would translate to calls to UIPasteboard.general and to UIPasteboard.setItems with an empty array ([]) in the reverse-engineered code.

Steps

  1. Use Exploring the App Package to extract the relevant binaries from app package.
  2. Use Static Analysis on iOS to look for the relevant APIs in the app binaries.

Observation

The output should contain a list of locations where relevant APIs are used.

Evaluation

The test case fails if the app uses the general pasteboard and does not clear its contents when moving to the background or terminating. Specifically, it should be verified that there are calls to UIPasteboard.setItems with an empty array ([]) in the appropriate lifecycle methods.