paint-brush
Securing Text Fields in iOS Apps: Restricting 'Cut,' 'Copy,' and 'Paste' Operations Using Swiftby@hacker8965561
106 reads

Securing Text Fields in iOS Apps: Restricting 'Cut,' 'Copy,' and 'Paste' Operations Using Swift

by Vitalii ShapovalovNovember 6th, 2024
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

In this article, we'll explore how to use Swift to restrict "cut," "copy," and "paste" operations in text fields of iOS applications. We will use the 'TextInputSwizzler' class, which enables us to "intercept" standard text operation methods in text field and replace them with secure versions.
featured image - Securing Text Fields in iOS Apps: Restricting 'Cut,' 'Copy,' and 'Paste' Operations Using Swift
Vitalii Shapovalov HackerNoon profile picture

In modern applications, data security is a top priority, especially when sensitive information may be copied or transferred to external applications. By preventing certain actions like "cut," "copy," and "paste" on text fields within iOS apps, we can safeguard text data, ensuring it remains within a trusted group of applications. This article demonstrates how to achieve this protection using Swift, while maintaining full control over text-related operations.

Goals of This Approach

  1. Restrict External Text Sharing: By managing text actions, we can prevent unauthorized access to sensitive information.
  2. Safe Text Storage and Management: Creating an internal buffer ensures that sensitive text remains protected within the app.
  3. Controlled Clipboard Access: By limiting access to the system clipboard, we can ensure that only authorized applications within a defined group can access this information.

Implementation Overview

Our approach centers around the TextActionInterceptor class, which "swizzles" standard text-related methods, replacing them with secure alternatives. This class intercepts and overrides the "copy," "paste," and "cut" methods, with an option to enable or disable swizzling dynamically.

Core Components

  1. Enum for Text Actions: The TextAction enumeration defines all the actions related to text that we want to control.
  2. Saved Method Structure: The SavedTextAction struct stores original implementations of methods, allowing us to restore them as needed.
  3. Swizzling Methods: The toggleSwizzling method manages the swizzling state, enabling or disabling the replacement of standard implementations.

Code Example

Let’s go through key code segments that bring this functionality to life.



class TextActionInterceptor {

    enum TextAction: String {
        case cut
        case copy
        case paste
        case define
        case translate
        case modify
        case update
        case previewItem
    }

    struct SavedTextAction {
        var methodRef: Method
        var originalImplementation: IMP
        var selector: Selector
    }

    private var isSwizzled = false
    var savedActions: [TextAction: SavedTextAction] = [:]
    
    // Method to intercept the "copy" action
    func interceptCopy(_ sender: Any?) {
        guard
            let inputField = retrieveTextInput(sender),
            let range = inputField.selectedTextRange,
            let text = inputField.text(in: range)
        else { return }

        SecureClipboard.shared.contents = text
    }

    // Similar methods for "cut" and "paste"
    func interceptPaste(_ sender: Any?) {
        guard
            let inputField = retrieveTextInput(sender),
            let range = inputField.selectedTextRange,
            let text = SecureClipboard.shared.contents
        else { return }

        inputField.replace(range, withText: text)
    }

    func interceptCut(_ sender: Any?) {
        guard
            let inputField = retrieveTextInput(sender),
            let range = inputField.selectedTextRange,
            let cutText = inputField.text(in: range)
        else { return }

        SecureClipboard.shared.contents = cutText
        inputField.replace(range, withText: "")
    }
    
    // Method to enable or disable swizzling
    func toggleSwizzling(_ enable: Bool) {
        guard enable != isSwizzled else { return }
        isSwizzled = enable
        savedActions.forEach { (_, action) in
            let swizzledMethod = class_getInstanceMethod(
                object_getClass(self),
                action.selector
            )
            guard enable else {
                method_setImplementation(action.methodRef, action.originalImplementation)
                return
            }
            method_exchangeImplementations(action.methodRef, swizzledMethod!)
        }
    }
}


Implementing a Secure Clipboard

The SecureClipboard class is responsible for managing text stored in the clipboard. It blocks any attempt to share text data externally, ensuring it stays within the app's defined ecosystem.


final class SecureClipboard {

    static let restrictedTextPlaceholder = "Access Restricted"
    static var shared = SecureClipboard()
    private let placeholderItem: [String: String]
    private var clipboard: UIPasteboard
    private(set) var internalBuffer: String?

    init() {
        placeholderItem = ["public.utf8-plain-text": SecureClipboard.restrictedTextPlaceholder]
        clipboard = UIPasteboard.general
    }

    var contents: String? {
        get {
            guard
                let clipboardText = clipboard.string,
                clipboardText != SecureClipboard.restrictedTextPlaceholder
            else { return internalBuffer }
            return clipboardText
        }
        set {
            guard let newText = newValue else {
                internalBuffer = nil
                return
            }
            clipboard.items = [placeholderItem]
            internalBuffer = newText.isEmpty ? nil : newText
        }
    }
}


How This Works

  1. Swizzling of Methods: We replace the standard text action methods with customized, secure methods.
  2. Secure Copying: The interceptCopy method intercepts "copy" actions and transfers the text to the SecureClipboard instead of the system clipboard.
  3. Flexible Management: Swizzling can be dynamically enabled or disabled, allowing for adaptable data security.

Summary and Results

Applying this approach achieves multiple levels of data security:


  • Access Control: All text operations are managed within the application, preventing potential data leaks.

  • Safe Data Storage: Text data is accessible only within a controlled application group.

  • Flexible configuration: The ability to enable and disable swizzling allows flexible control of data security based on conditions.


By using swizzling and an internal clipboard, we ensure a high level of data protection in iOS applications. This approach offers a robust solution for maintaining text security across applications in a defined environment.