A project demonstrating a security hole In Android's API that allows any installed application to listen to changes to the clipboard (listen to everything that you copy and paste).
I am not trying to raise an issue here. I just would like to let you know that I share the exact thought with you. It is so odd to me that Clipboard Listener does not require any permission at all. And with the Internet Permission, this is just insane.
That is the reason why I developed AnyCopy, which is a clipboard manager app that does NOT require Internet Permission to eliminate the possibility that the app would upload the data to the server. You might want to give it a try.