22-04-2025 08:39 PM - last edited 22-04-2025 08:41 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Security researchers have identified that Samsung Devices running Android 9 or later store all clipbopard content including passwords and Banking details in plain text indefinitely without an automatic deletion mechanism. It is not possible to auto delete entries after a specific time period which can result in a security risk, this was recognised by a US Samsung Moderator.The issue will be passed to the developers for a fix but there is no timeframe on that at present.
Most concerning is the threat from malware which can target clipboard data to steal credentials and financial information. Any sensitive information should be cleared from the clipboard manually. Third party keyboards like Swifkey do automatically clear the contents after an hour,Samsung's system level storage will still retain the information though.
It is to do with Samsung's implemetation of the Android Clipboard API, can see the technical details here https://cybersecuritynews.com/samsung-one-ui-security-flaw/
I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.
22-04-2025 08:43 PM - last edited 22-04-2025 08:49 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
For right now, as long as you don't use a password manager that copies the password for you to paste, nothing super sensitive should be in there. Though of course you can manually clear it. Now we wait for a fix.
Update. The clipboard has a max of 40 items. So if you copy a lot of things, they are auto deleted. Source: had 40 things, copied something, still said 40 oldest was deleted
22-04-2025 08:46 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Noticed when I clean installed UI7 Microsoft Edge now won't autofill my address or credit card without Microsoft Authenticator approval.
I do delete my clipboard daily, but keep a few things pinned, nothing confidential, but deleted with data is never really deleted.
Hope a fix is found, a proper barn door clanger, thanks for the heads up.
2 Decades Samsung Ownership, If my response helps leave a Like and Accept as a Solution
DAILY: ZFold6, Watch Ultra, Fit3, CL Ace 2, BT-W6, 20,000 Power bank, Smart Tags
FAMILY: ZFlip5, ZFlip6, Watch6 Classic, Tab S8 Ultra, Tab S7 Plus, Buds Pro2, Buds3 Pro
OFFICE: Book2 Pro i7, M70A 32”, Logitech K700, MX Ego, M720 Triathlon, Pop, Jabra Evolve2
AV/GAMING: QN95A 50” TV, Q900A, SW900s, 8 Series TV, LG OLED, M70A 43”, Dell Inspiron G5
APPLIANCES: Jet 75 Vacuum, MC32 Oven, American Fridge, 8 Series TV, LG OLED
SPARES: ZFlip4, ZFlip3, Buds1 Pro, Buds2 Pro, Book2 Pro i5, Level Speaker
MAINTAIN: iPhone 14, iPad Air4, iPad Mini4, iPad Pro1 12.9, Watch6
22-04-2025 09:02 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Still a concern though I would not have anything sensitive in there.
I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.
22-04-2025 09:04 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.
22-04-2025 10:10 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Also would the phone's own antivirus detect suspicious malware? Every time I perform a scan it doesn't find any malware, and I trust it. I hope it's accurate.
23-04-2025 06:55 AM - last edited 23-04-2025 07:17 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
It wasn't discovered by a US Samsung moderator, it's been known for years, as it says at the bottom of the text you linked
This security flaw has reportedly been known for years, with users across Reddit, XDA, and Samsung forums raising concerns without substantive resolution.
Google search:
https://forums.androidcentral.com/threads/warning-samsung-users.1065119/
But, if everyone is just now talking about it, my guess is that Samsung has finally patched it.
23-04-2025 10:06 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.
23-04-2025 10:29 AM - last edited 23-04-2025 10:38 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
What I noticed is:Regardless of deleting the clipboard, the last copy before deletion can be loaded into the browser's after deletion, so it takes several copies to the clipboard to delete the password if it was the last copy, clean RAM and restarting the phone, because only by restarting the phone does the possibility of copying the last item from the clipboard to Google Translate disappear . So, after deleting clipboard, a phone restart is also required so that applications like Google Translate can no longer paste the last (deleted) item into the clipboard.
