AppsTech

Millions of Android Users at Risk: Popular Shopping App Caught Spying on Clipboard Activity

By
Shubham Sawarkar
Shubham Sawarkar's avatar
ByShubham Sawarkar
Editor-in-Chief
I’m a tech enthusiast who loves exploring gadgets, trends, and innovations. With certifications in CISCO Routing & Switching and Windows Server Administration, I bring a sharp...
Follow:
- Editor-in-Chief
We may get a commission from retail offers. Learn more
Millions of Android Users at Risk: Popular Shopping App Caught Spying on Clipboard Activity

A recent report by Microsoft has revealed that an outdated version of the SHEIN Android mobile app was spying on millions of Android users. The popular shopping app was found to be accessing users’ clipboard activity, a serious privacy breach that can put sensitive information like passwords, financial details, and personal data at risk.

According to Microsoft, the SHEIN Android application periodically read the contents of the Android device clipboard and sent them to a remote server if a particular pattern was present. The behavior was detected by Microsoft’s Defender for Endpoint, which flagged it as suspicious activity.

Millions of Android Users at Risk: Popular Shopping App Caught Spying on Clipboard Activity
An example of a call chain through the SHEIN app resulting in clipboard access. (Image Credit: Microsoft)

While Microsoft did not find any evidence of malicious intent, the app’s behavior is still considered a violation of users’ privacy. There is no explanation for why the app needs to track users’ clipboard activity, and it is not necessary for users to perform tasks on the app.

The SHEIN app is available on the Google Play Store and has over 100 million downloads, highlighting the risks that installed applications can pose, even those obtained from the platform’s official app store. Microsoft reported the findings to Google, and it was subsequently investigated by their Android Security Team.

In May 2022, SHEIN removed the behavior from the application, but the incident serves as a reminder that apparently harmless behaviors in apps can be exploited with malicious intent.

Threats targeting clipboards are particularly concerning, as they can put any copied and pasted information at risk of being stolen or modified by attackers. This includes sensitive information like passwords, financial details, personal data, cryptocurrency wallet addresses, and more.

As a result, it’s important for users to be cautious when granting permissions to apps and to keep their devices and apps up to date with the latest security patches. Additionally, using a password manager can help protect sensitive information by securely storing and auto-filling passwords, making it harder for attackers to steal them.

How to keep your device safe?

Following the discovery, Microsoft has issued recommendations for users to protect themselves from risk:

  • Always keep the device and the installed applications updated
  • Never install applications from untrusted sources
  • Consider removing applications with unexpected behaviors, such as clipboard access toast notifications, and report the behavior to the vendor or app store operator

Discover more from GadgetBond

Subscribe to get the latest posts sent to your email.

Leave a Comment

Leave a Reply

Most Popular
Also Read