Skip to content

Clipboard Protection

Introduction

SAP BTP SDK for iOS v9.2 introduces clipboard protection, a security feature that restricts cut, copy, and paste of clipboard data from and to the application while allowing copying and pasting within the application. This limits the data from crossing the application boundary easily via the clipboard and protects the application from malware that might try to steal data by reading the contents of the clipboard.

Enabling Clipboard Protection Policy

You can enable clipboard protection policy by enabling Restrict Cut, Copy and Paste between Apps in the Client Configuration tab under Mobile Settings Exchange feature in mobile services cockpit. It can also be enabled during the Create new application process in SAP BTP SDK Assistant for iOS v9.2.

iOS Clipboard Protection Settings

Usage

An app developer can leverage the device clipboard protection feature by using the SAPFoundation framework APIs directly, as described below.

    try ClipboardProtectionEnforcer.shared.enforce(policy: .blocked)
    // ... during this time copied values cannot be pasted to and from other apps
    try ClipboardProtectionEnforcer.shared.enforce(policy: .unrestricted)

Another usage method is to use the SAPFioriFlows framework, which makes it more convenient as described below.

Once the clipboard protection policy is enabled, add the newly introduced SAPcpmsSecurityPolicyApplyStep to the onboardingSteps and restoringSteps in OnboardingFlowProvider.swift.

SAPcpmsSecurityPolicyApplyStep enforces the policy set in the mobile services cockpit during the onboarding and restoration of the application.

In case Restrict Cut, Copy and Paste between Apps is not enabled in mobile services cockpit, adding SAPcpmsSecurityPolicyApplyStep will not have any effect during actions such as onboarding, restoration, and passcode reset (it does not restrict the cutting, copying, and pasting of data to and from the application.

Based on the policy set in mobile services cockpit, SAPcpmsSecurityPolicyApplyStep is automatically added in OnboardingFlowProvider.swift while generating the client application using Create new application or Reuse existing application in the SAP BTP SDK Assistant for iOS.

    public var onboardingSteps: [OnboardingStep] {
        return [
            ...
            CompositeStep(steps: SAPcpmsDefaultSteps.settingsDownload),
            CompositeStep(steps: SAPcpmsDefaultSteps.applyDuringOnboard),
            SAPcpmsSecurityPolicyApplyStep(),
            ...
        ]
    }
    public var restoringSteps: [OnboardingStep] {
        return [
            ...
            CompositeStep(steps: SAPcpmsDefaultSteps.settingsDownload),
            CompositeStep(steps: SAPcpmsDefaultSteps.applyDuringRestore),
            SAPcpmsSecurityPolicyApplyStep(),
            ...
        ]
    }

Precondition

SAPcpmsSecurityPolicyApplyStep needs to run any time after SAPcpmsSettingsDownloadStep. SAPcpmsSettingsDownloadStep, usually used indirectly through SAPcpmsDefaultSteps.settingsDownload, will obtain the required policy information.

Last update: June 12, 2023