We got a report from a user that is concerned about security issues as opening a game showed a message like “Game pasted from Bank App” at startup, without user input, which seems to be related to the use of GUIUtility.systemCopyBuffer and iOS 14 privacy updates.
This is a major issue, has anyone else seen this? It seems TMP InputField uses this, could it be the cause?
Was just notified of this post. The TMP Input Field does indeed use the GUIUtility.systemCopyBuffer to allow users to copy / paste text from their system to the input field.
Since the Input field simply uses this existing API in Unity, I will track down whoever owns this API to see how they plan to address this concern.
In the meantime, you could modify the TMP_InputField.cs to remove the use of GUIUtility.systemCopyBuffer. Make the following changes around line 1338.
static string clipboard
{
get
{
return string.Empty;
}
set { }
}
You will need to make these changes in the Global package cache.
1 Like