I'm still utterly perplexed about why every major operating system handles the clipboard this way. It's such an obvious privacy issue, and the fix seems really simple: only allow clipboard access when the user explicitly grants access through a system-provided user interface (whether that be a dialogue box, menu item or keyboard shortcut)

Apple's iOS 14 uses the half-solution of notifying the user after an application has read the clipboard. But at that point the end user is already a step behind the attacker, and mitigations may no longer be possible. Nevermind that this solution is dependant on the user noticing and understanding the implications of the clipboard access notification (the novice user is likely oblivious to the security risks)