Skip to content

MASTG-TEST-0280: Pasteboard Contents Not Restricted to Local Device

Overview

This test checks if the app restricts the contents of the general pasteboard (UIPasteboard.general) to the local device by using the UIPasteboard.setItems(_:options:) method with the UIPasteboard.OptionsKey.localOnly option. If sensitive data is placed in the general pasteboard without this restriction, it can be synced across devices via Universal Clipboard, leading to potential data leaks. See Pasteboard for more details on the general pasteboard.

Steps

  1. Use Exploring the App Package to extract the relevant binaries from app package.
  2. Use Static Analysis on iOS to look for the relevant APIs in the app binaries.

Observation

The output should contain a list of locations where relevant APIs are used.

Evaluation

The test case fails if the app uses the general pasteboard without restricting its contents to the local device. Specifically, ensure that the UIPasteboard.setItems(_:options:) method is called with the UIPasteboard.Options.localOnly option.