Claude Android App Reportedly Reads Clipboard Without Explicit User Action

Reported Incident Details
A user on r/ClaudeAI reported unexpected behavior with the Claude Android app. While browsing on their Android phone, they copied a block of code to have Claude analyze it. They started a new chat in the Claude app and asked it to review the code, but forgot to paste the clipboard content before sending the request.
According to the report, Claude proceeded to analyze the entire code block anyway, suggesting the app read the clipboard content without explicit user action and sent it along with the message. To verify, the user asked Claude what the filename was in its memory, and Claude replied that the file was stored as pasted_text_b4a56202-3d12-43c8-aa31-a39367a9a354.txt in its uploads directory.
The user then asked Claude to rewrite the first 20 lines of the code, which matched exactly the original code they had copied to their clipboard. When attempting to recreate the behavior in a new chat, Claude responded that it couldn't read any code until it was uploaded. The user confirmed they didn't upload anything in the first chat and there was no code in their original request or as an attachment.
Privacy Implications
The user expressed concern that this represents a significant privacy issue, stating that "an app should not be reading clipboard content without explicit user action." The behavior appears inconsistent, working once but not in subsequent attempts, leaving uncertainty about whether this is an intentional feature or a bug.
This type of clipboard access without user consent could potentially expose sensitive information that users have copied but not intended to share with the application.
📖 Read the full source: r/ClaudeAI
👀 See Also

A2A Secure: How Developers Built Cryptographic Communication Between OpenClaw Agents
A new protocol enables OpenClaw agents to communicate securely using Ed25519 signatures without shared API keys.

NPM Compromise via Axios Backdoor: Impact on AI Coding Agents
On March 31, 2026, a DPRK-linked threat actor compromised npm by publishing backdoored versions of Axios (1.14.1 and 0.30.4) during a 3-hour window. The malware injected a dependency that downloaded a platform-specific RAT, harvested credentials, and self-erased, with AI coding agents like Claude Code and Cursor being particularly vulnerable due to automated npm installs.

Google Says Criminal Hackers Used AI to Find Zero-Day Vulnerability
Google disclosed that attackers used an AI agent to discover and exploit a previously unknown software flaw, marking the first confirmed case of AI-driven zero-day discovery in the wild.

Delimiter defense boosts Gemma 4 from 21% to 100% prompt injection defense in 6100+ test benchmark
A benchmark tested 15 models across 7 attack types (6100+ tests) using random delimiters around untrusted content. Gemma 4 E4B went from 21.6% to 100% defense rate with delimiter + strict prompt.