DEV Community

SameX
SameX

Posted on

Security and Permission Management of Cross-device Clipboard in HarmonyOS Next

In the multi-device ecosystem of HarmonyOS Next, the cross-device clipboard has significantly improved the efficiency of users' data interaction between different devices. However, with the flow of data between devices, security and permission management have become crucial issues. Today, we will conduct an in-depth discussion on the relevant aspects of the cross-device clipboard in this regard.

Data Security Risks of the Clipboard (Risk of Unauthorized Data Synchronization)

While the cross-device clipboard brings convenience to users, it also introduces potential data security risks, among which the risk of unauthorized data synchronization is particularly prominent. Since the cross-device clipboard involves data transmission between multiple devices, if the security mechanism is not perfect, it is possible for data to be obtained by unauthorized devices. For example, after a user's multiple devices are logged in with the same Huawei account, under certain abnormal circumstances, malicious software may take advantage of vulnerabilities to obtain clipboard data, resulting in the leakage of users' sensitive information (such as passwords, ID numbers, etc.).

In addition, during the data transmission process, if the encryption measures of the transmission channel are not in place, the data may also be stolen or tampered with. Although HarmonyOS Next has adopted a variety of security protection measures in its design, developers still need to pay great attention to these potential risks when using the cross-device clipboard to ensure that the application will not cause security problems due to its own vulnerabilities during use.

Permission Management and User Authorization Mechanism (How to Correctly Apply for the ohos.permission.READ_PASTEBOARD Permission)

In order to ensure the security of clipboard data, HarmonyOS Next has established a strict permission management and user authorization mechanism. When using the cross-device clipboard, if an application wants to access the clipboard in the background of a custom control, it needs to apply for the ohos.permission.READ_PASTEBOARD permission.

Since API 12, there is no need to apply for the ohos.permission.DISTRIBUTED_DATASYNC permission. However, in API 11 and previous versions, this permission also needs to be declared and a pop-up window should be shown to request user authorization when the application is launched for the first time or when entering the continuation page. For the application of the ohos.permission.READ_PASTEBOARD permission, developers need to follow the standard process.

In the application code, the permission requirements should first be clearly defined in the relevant module. For example, declare the permission in the module.json5 file:

{
    "module": {
        "abilities": [
            {
                "permissions": [
                    "ohos.permission.READ_PASTEBOARD"
                ]
            }
        ]
    }
}
Enter fullscreen mode Exit fullscreen mode

Then, in the code logic where the clipboard needs to be accessed, carefully perform permission checking and application operations. Taking ArkTS code as an example:

import pasteboard from '@ohos.pasteboard';
import { BusinessError } from '@ohos.base';
import { hilog, LogLevel } from '@ohos.hilog';

async function readClipboardData() {
    if (!await checkPermission('ohos.permission.READ_PASTEBOARD')) {
        // Apply for permission
        let result = await requestPermission('ohos.permission.READ_PASTEBOARD');
        if (!result) {
            hilog.log(LogLevel.ERROR, 0x0010, 'Permission request failed');
            return;
        }
    }
    let systemPasteBoard: pasteboard.SystemPasteboard = pasteboard.getSystemPasteboard();
    systemPasteBoard.getData((err: BusinessError, data: pasteboard.PasteData) => {
        if (err) {
            hilog.error(0x0010, `Failed to get pastedata. Code: ${err.code}, message: ${err.message}`);
            return;
        }
        // Process clipboard data
        let primaryText: string = data.getPrimaryText();
        hilog.info(0x0010, `Clipboard text: ${primaryText}`);
    });
}
Enter fullscreen mode Exit fullscreen mode

In the above code, checkPermission and requestPermission are custom functions for checking and applying for permissions (in actual development, you can refer to the official documentation for implementation). Through such a process, it is ensured that the application has obtained the user's explicit authorization before obtaining the clipboard data, thereby protecting the user's privacy and data security.

Best Practices: How to Use the Clipboard Efficiently While Ensuring Security (Code Examples)

In actual development, developers need to make full use of the cross-device clipboard to enhance the user experience of the application while ensuring security. The following takes a simple cross-device text synchronization application as an example to show the best practice methods.

Device A (Copying End) 

import pasteboard from '@ohos.pasteboard';
import { BusinessError } from '@ohos.base';
import { hilog, LogLevel } from '@ohos.hilog';

async function copyTextToClipboard() {
    let text: string = 'Text content for secure synchronization';
    let pasteData: pasteboard.PasteData = pasteboard.createData(pasteboard.MIMETYPE_TEXT_PLAIN, text);
    let systemPasteBoard: pasteboard.SystemPasteboard = pasteboard.getSystemPasteboard();
    await systemPasteBoard.setData(pasteData).catch((err: BusinessError) => {
        hilog.error(0x0010, `Failed to set pastedata. Code: ${err.code}, message: ${err.message}`);
    });
}
Enter fullscreen mode Exit fullscreen mode

In this code, device A copies the text content to the clipboard. Before data transmission, the data is clearly defined, avoiding the risk of casually copying sensitive data.

Device B (Pasting End) 

import pasteboard from '@ohos.pasteboard';
import { BusinessError } from '@ohos.base';
import { hilog, LogLevel } from '@ohos.hilog';

async function readClipboardAndProcess() {
    if (!await checkPermission('ohos.permission.READ_PASTEBOARD')) {
        let result = await requestPermission('ohos.permission.READ_PASTEBOARD');
        if (!result) {
            hilog.log(LogLevel.ERROR, 0x0010, 'Permission request failed');
            return;
        }
    }
    let systemPasteBoard: pasteboard.SystemPasteboard = pasteboard.getSystemPasteboard();
    systemPasteBoard.getData((err: BusinessError, data: pasteboard.PasteData) => {
        if (err) {
            hilog.error(0x0010, `Failed to get pastedata. Code: ${err.code}, message: ${err.message}`);
            return;
        }
        let primaryText: string = data.getPrimaryText();
        if (primaryText) {
            // Perform security processing on the obtained text, such as checking whether the text content meets expectations
            if (isValidText(primaryText)) {
                hilog.info(0x0010, `Received valid text: ${primaryText}`);
                // Perform subsequent business operations, such as displaying on the interface
            } else {
                hilog.warn(0x0010, 'Received invalid text, may be a security risk');
            }
        }
    });
}
Enter fullscreen mode Exit fullscreen mode

At the device B end, first, perform permission checking and application to ensure that the application has the right to access the clipboard. After obtaining the clipboard data, perform validity checking on the data to avoid processing data that may pose a security risk. In this way, the efficient use of the cross-device clipboard is achieved while ensuring security.

The security and permission management of the cross-device clipboard in HarmonyOS Next are aspects that developers must pay attention to during the application development process. By understanding the data security risks, correctly managing permissions, and following the best practices, developers can create a secure, reliable, and efficient application experience for users.

Top comments (0)