SHEIN's Android app caught sending clipboard contents to remote server

An old version of SHEIN's Android application was caught sending the contents of the clipboard to a remote server. While this behaviour of SHEIN's application, which has over 100 million downloads on the Google Play Store, involved no malicious intent, it highlights the risks that installed applications can pose, Microsoft said.

In a blog post, the Microsoft Threat Intelligence researchers detailed how they identified the SHEIN app's clipboard behaviour and how Android users can protect themselves against clipboard-based attacks.

The Microsoft team analysed SHEIN app version 7.9.2 and found that it periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server. They reported the findings to Google, following which the Android Security Team conducted an investigation.

Microsoft worked with Google's Android Security Team to ensure the removal of this behaviour from the SHEIN app. In May 2022, SHEIN removed the behaviour from their application.

"Although we're not aware of any malicious intent by SHEIN, even seemingly benign behaviours in applications can be exploited with malicious intent. Threats targeting clipboards can put any copied and pasted information at risk of being stolen or modified by attackers, such as passwords, financial details, personal data, cryptocurrency wallet addresses, and other sensitive information," Microsoft said.

To defend against these types of risks, users are advised to avoid installing applications from untrusted sources and keep the device and the installed applications updated. Microsoft also recommends removing the applications with unexpected behaviours, such as clipboard access toast notifications. If you identify any such behaviour, report it to the vendor or app store operator.

At Microsoft, we value, protect, and defend privacy and this case demonstrates our efforts to investigate and protect customers’ privacy beyond security threats. We will continue to work with the security community to share research and intelligence about risks and threats in the effort to build better protection for all, the tech giant said.