Tech researchers for the Mysk blog, Talal Haj Bakry and Tommy Mysk, have uncovered over 32 iOS apps that access users’ personal data copied to the iOS clipboard, such as passwords, addresses, images, and more. The list of apps snooping around on iOS devices also includes well-known social platforms like TikTok.
These apps are invading each user’s privacy by accessing sensitive information without permission by snooping on text copied to the clipboard every time an app is opened or interacted with.
Copying clipboard content from multiple devices
Retrieving user data is not always restricted to a single device for Apple users. If an iPhone, iPad, and Mac are logged in with the same Apple ID and the devices are within 10 feet of each other, then all of them share a Universal Clipboard. This means that the content copied to the clipboard on one device can be accessed by an app opened on another device.
An iPhone can easily read sensitive data on other connected devices including passwords, addresses, credit card information, and almost anything else copied by the user to the clipboard. The information can be used for sinister means like blackmail, fraud, theft, and more.
Mysk commented on the apps’ indiscriminate snooping:
“It’s very, very dangerous. These apps are reading clipboards, and there’s no reason to do this. An app that does have a text field to enter text has no reason to read clipboard text.”
Fortunately, to rectify this security vulnerability, the iOS 14 developer beta has a new privacy feature that notifies users whenever an app accesses their clipboard content, and it is because of this feature that the intrusive apps have been caught.
The representatives of the popular video recording platform commented on the matter:
“Following the beta release of iOS14 on June 22, users saw notifications while using a number of popular apps. For TikTok, this was triggered by a feature designed to identify repetitive, spammy behavior. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.
TikTok is committed to protecting users’ privacy and being transparent about how our app works. We look forward to welcoming outside experts to our Transparency Center later this year.”
TikTok was initially called out for its snooping practices in March, and the app responded that it would end the practice in the ‘coming weeks’. However, the app did not stop monitoring clipboards on iOS devices.
A Twitter thread by Jeremy Burge revealed that the app continues to copy content every second or so, violating the privacy of users more than ever.
The alternative possibility is TikTok stealing what is on my clipboard every single time I type a keystroke.
I don't have a way to know for sure. Thought it worth putting out there.
— Jeremy Burge (@jeremyburge) June 24, 2020
Other apps that snoop around and copy sensitive content via iPhones are:
- PUBG Mobile
- 8 Ball Pool
- ABC News
- New York Times
Read the full list of apps here.
Having said that, new privacy features in iOS 14 will drastically reduce tracking by apps and websites. Until the operating system is available to the public, users should stay alert to the possibility that any app on their iPhone or iPad might secretly be accessing their clipboard data.