Secure Design

This is a particularly misguided addition of a security prompt by Apple. The user already explicitly indicated their intent to paste using the system-provided paste UI. If that’s part of client code, that’s a small mistake to fix: must be system level, then bake the auth into it.

co founder of @metamask . Making computers behave for us.

Clipboard sniffing has definitely been a thing in the past. I don't know how it works in iOS, but on lots of operating systems, the app in focus can just silently grab the clipboard without notifying the user. Sometimes it requires a click, which can be induced, like an invisible button or something.

Yeah, iOS used to let any active app sniff the clipboard. That was far worse than an excessive safety prompt. My read is basically that they were so scared of the security they had messed up that they stacked up multiple layers of safety without a coherent mental model of which layer provided the safety.