A relatively minor but important change that Apple has introduced in iOS 14 is that users are alerted whenever an application reads or pastes clipboard data. This change has revealed that a number of iOS apps are constantly scrapping clipboard data including TikTok.
A video shows the TikTok app on iPhone “pasting” users’ clipboard data every few seconds.
Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.
The most severe issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.
Earlier in the year, when TikTok was first exposed, the security researchers acknowledged that there was no way to tell what the app might be doing with user data, and its abuse was lost in the mix of many others. Now it’s feeling different. iOS users can relax, knowing that Apple’s latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.
“Apple dismissed the risks that we highlighted and explained that iOS already had mechanisms to counter all of the risks,” the researchers told me earlier this week. “But the mechanisms that Apple provided were not effective to protect user privacy.” Following their initial report, they explained, “there was a tremendous public interaction with the topic—not only iOS users, but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard.”
Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research. This latest news shows just how important a fix that will be.
All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.
Since the revelation, TikTok has issued a statement saying it read clipboard data to identify “repetitive, spammy behavior” and has updated its app to remove this functionality. The updated version of the app is already live on the App Store.
Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ
— Jeremy Burge (@jeremyburge) June 24, 2020
“Following the beta release of iOS 14 on June 22, users saw notifications while using a number of popular apps.
“For TikTok, this was triggered by a feature designed to identify repetitive, spammy behavior. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.
“TikTok is committed to protecting users’ privacy and being transparent about how our app works.”
TikTok is just one of the few apps that reads clipboard data for reasons that are seemingly not clear. Starbucks, AccuWeather, Call of Duty Mobile, and AliExpress are a few of the other apps that have also been found reading users’ clipboards. Incidentally, this is not the first time that it was pointed out that TikTok was reading users’ clipboard data. This behavior was revealed back in March itself and back then, TikTok had promised to remove the functionality from its app.
This small change from Apple in iOS 14 about informing users whenever an app reads their clipboard data is going to have huge implications for a lot of apps and developers. It will force developers to change their behavior as most users could otherwise feel uncomfortable seeing an app read their clipboard data for no reason at all. Not legal reason that is.
Don’t forget to check out the 100+ new iOS 14 features for iPhone that we have discovered so far.
Comments