Apr 27, 2026 6 min read

Manual send by default: how ClipHop handles OTPs, passwords, and sensitive clips

Why ClipHop's default is manual-send — you tap to push each clip — and why content-level password filtering is an honest-to-god lie other clipboard tools tell.

By Anshul Garg

If you’ve been reading clipboard-sync product pages for the last decade, you’ve seen the line before: “Password-manager pastes are filtered out automatically.” It sounds reassuring. It’s mostly not true.

This post explains what ClipHop does instead, why it does it that way, and why the content-filtering claim that competitors lean on is harder to deliver than it looks.

The default: manual send#

Open ClipHop on Android. You’ll see a history of everything you’ve copied on either device — the ones you copied on the phone, and the ones your paired Mac sent you. Each item has a ✈ send icon next to it.

The moment you copy something on the phone, it lands in that history. It does not get sent to the Mac. To send it, you tap the ✈ icon on the item you want to push.

This is the default. It is also the on-brand default for a clipboard tool that cares about privacy: the clipboard leaves your device only when you explicitly ask it to. OTPs your bank just texted, half-written drafts you haven’t finished, commands you haven’t decided to run, passwords you pulled from your manager — none of them leave the device. They sit in history on the phone. You pick the ones you want synced.

On Mac, the same model applies in reverse. Open the menu-bar panel, select a history item, press ✈ or the send shortcut, and it goes to the phone.

Why not auto-send everything?#

Because auto-sending everything is the surface area for every clipboard leak people worry about. You copy a password from 1Password to paste into an app. If your clipboard sync is set to auto-forward, that password goes to your Mac (or phone, or every device in your pair) whether you intended to use it there or not. It’s now in a second device’s clipboard, a second device’s history, and a second device’s paste buffer that any foreground app can read.

The default behavior of a sync tool should match its most common valuable use case, not its maximally convenient use case:

Most common: “I just grabbed this URL on my phone, I want to open it on my Mac.”
Most common: “I got an OTP on my phone, I want to paste it on my Mac.”
Valuable: “I wrote a paragraph on my phone, I want to finish it on my Mac.”

In every one of these, you know before you copy that you’re going to want the clip on the other device. Explicit send adds one tap to a flow that’s otherwise copy-paste-paste. That’s a small price for the guarantee that you’re in control of what crosses devices.

The Auto-send beta — what it does and why it’s flagged#

ClipHop does offer an Auto-send clipboards toggle, under Settings → Sync. It’s off by default. When you turn it on, every clipboard change is immediately pushed to the paired device.

The app displays this warning next to the toggle:

⚠ Every clipboard change on this device is automatically sent to the paired device — including passwords and OTPs. Manual sends always work regardless of this setting.

We do not filter content when Auto-send is on. We do not promise to filter it. The toggle is labeled beta deliberately: it’s useful for specific workflows (live coding sessions, pair programming, screen-share demos where every copy should appear on the other device), and we’ve left it on rather than remove it — but we want users who enable it to know exactly what they’re opting into.

Why competitors’ “password filtering” doesn’t really work#

Several clipboard managers advertise “password-manager pastes are filtered automatically” or “sensitive content is blocked from sync”. If you dig into what this actually means in the codebase (for the open-source ones) or test against real password managers, the picture is less reassuring than the marketing.

How content filtering typically works:

Check for OS-level flags that signal “sensitive” content. On macOS that’s NSPasteboardTypeTransient / NSPasteboardTypeConcealed. On Android, newer versions let ClipData carry an EXTRA_IS_SENSITIVE flag.
Skip the clip if a flag is set.

Why it misses things:

Not all password managers set the flags consistently. Some do, some don’t, some do on Mac but not Android, some used to and stopped. A filtering tool’s effectiveness is exactly as good as the weakest-flagging password manager you use.
OTP codes almost never carry the flag. OTPs arrive via SMS, email, or an authenticator app, get copied by the user, and land in the clipboard with no sensitivity hint. A filter that blocks password-manager pastes will still happily sync a six-digit bank OTP.
Anything copied from a password manager’s “password show” view — e.g., someone revealed a password to read it — doesn’t get the flag.
Partial credentials pasted from password reset flows, recovery codes, API tokens, SSH keys — none of these are reliably flagged.
False positives are common too: legitimate content (long hex strings, API keys meant to sync) can get over-aggressive heuristic filters that block based on entropy or length.

The result: if a product claims to filter passwords and you trust that claim, you’re likely to be less careful with your clipboard than you would be without the claim — and the filter will miss enough real cases that you’re still exposed, but now with a false sense of safety.

The manual-send model is the honest answer#

We picked manual send by default because it’s the only model where the user’s mental model matches what the tool actually does:

“I copied something.” → The clip is in history on this device.
“I tapped send.” → The clip is now on the other device.
“I didn’t tap send.” → The clip never left this device.

No magic, no heuristics, no “we tried to detect sensitive content for you.” The tool does exactly what you tell it, nothing else.

If you want auto-send for a specific session, turn on the beta toggle and the tool tells you exactly what you’ve opted into. Turn it back off when you’re done.

How this shows up in the UI#

Android history: every received item shows ↓ (received), every sent item shows ↑ (sent or sendable). Tap the ✈ next to any item to push it.
Mac panel: ↵ to copy + auto-paste an item locally. ✈ (the airplane glyph in the menu footer) to send the selected item to the phone.
Settings → Sync: Clipboard sync master toggle (pauses everything), Auto-apply (controls whether incoming items overwrite the local clipboard), Auto-send (the beta flag).

All of these are visible in the real app — see the Screens section on the homepage for annotated screenshots.

What this means for you#

If you’re comparing clipboard sync tools, add “what is the default send behavior?” to your checklist. You want:

Manual send as the default, with an opt-in auto-send for specific workflows.
Clear warnings on the auto-send toggle about what it actually does.
No filtering claims that sound more reassuring than the underlying flags actually support.

ClipHop meets that bar because the only reliable way to avoid leaking a clipboard item you didn’t mean to leak is to not send it. Manual send is the simplest way to guarantee that. Everything else is heuristics that fail in ways you won’t notice until they matter.

What your clipboard manager actually sees: a threat model — the fuller picture of who can observe clipboards and why.
How ClipHop encrypts your clipboard — the crypto layer that protects clips in transit.
How to sync your clipboard between Android and Mac — setup walkthrough.

Grab ClipHop from the download page. It ships with manual-send as the default. You won’t have to turn anything off to get it.