IBM Support

MaaS360 stops clipboard use for passcode management

Release Notes


Abstract

With a new privacy update for clipboard data security, Apple added a new banner alert to iOS14 that notifies users when an app reads the contents of a clipboard. MaaS360 proactively reads the clipboard data to protect corporate data copied to it and to enforce container passcode policies specified by Admin among the container apps. With MaaS360 for iOS version 3.200, MaaS360 stops clipboard use for passcode management to avoid the banner alerts on iOS 14 devices except for the scenarios wherein the end-user explicitly performs a paste operation.

Content

Apple's privacy update for clipboard data security

With iOS 14, Apple added a new banner alert that notifies users when an app reads the contents of the device clipboard. The banner alert notifies users of the context of the source app, the app where the clipboard was copied from.

The banner alerts are triggered in the following scenarios:

  • Users explicitly request the app to perform a paste operation.
  • Apps quietly read (abuse) the clipboard data without the knowledge of the users.
  • Legitimate apps proactively read the clipboard data to perform smart actions without the knowledge of the users.

Impact on MaaS360 and SDK apps

MaaS360 reads the clipboard data whenever the app is launched or brought to the foreground for the following reasons:

  • Protect the corporate data copied by the user to the clipboard.
  • Read and write container passcode management context (PIN attempt failures, locked .etc) to the clipboard to avoid the passcode based SSO issues beyond the app group barriers.

Accessing the clipboard content for the reasons above when the users are not explicitly performing a paste operation does not warrant a banner. MaaS360 stops writing passcode management context to the clipboard to avoid iOS 14 clipboard banners when the MaaS360 app is launched or brought to the foreground.

Behavior changes
 

Fully migrated MaaS group of Apps or fully migrated customer group of Apps
  • Passcode content is not shared between one group to another group app.
  • When switching from one group of the app to another group app, the Passcode prompt will be shown on the target app even though the user has entered the passcode on the source group app and has not timed out.  
Partially migrated apps
  • When switching from one group of the app to another group app, the Passcode prompt will be shown on timeout the target(MaaS360 App) app group though the user completed the passcode on the source group app.
  • The block screens “Number of passcode attempts left” & “Maas360 Disabled“ will not be displayed until an incorrect passcode is entered.
  • Switching among customer group apps resulting in inconsistent passcode prompts
Non-migrated MaaS group of Apps OR Non-migrated Customer group of Apps
  • The banner will be displayed. This is a state when the MaaS360 for iOS app version lower than 3.200 is used on iOS 14 devices.

Fully migrated apps: MaaS360 app 3.200, Browser app 3.21, Editor app 2.70.

Partially migrated apps: Browser app 3.21 or lower, Editor app 2.70 or lower, and SDK app 3.30.800.

Fully migrated customer group of apps: Customer apps compiled with MaaS360 SDK 3.30.900.

Non-migrated customer group of apps: Customer apps compiled with MaaS360 SDK 3.30.800 or lower.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
09 March 2021

UID

ibm16332179

Page Feedback