Once again, software applications prove again that they do not care about your sensitive information. Reports have emerged that TikTok along with more than 30 other iOS apps consistently snoop on their user’s clipboards which may or may not contain bitcoin addresses, passwords, and financial details. Of course, the story itself is not new since the first time researchers managed to find such troubling privacy violations was in March of this year. Back then researchers reported on four dozen such apps including TikTok. TikTok is currently one of the most downloaded social media apps coming from China. It also allows users to share short videos. In any case, TikTok vowed in March that it would take all the necessary measures to curb such privacy problems. But it has continued to snoop on its users’ sensitive information. As mentioned at the top, TikTok did not fix privacy issues which could have allowed the app to look at user passwords, personal messages, cryptocurrency wallets along with passwords. And that is when researchers made the privacy violation discoveries public. In fact, of the 50 or so apps that researchers found were violating their users’ privacy, a full 32 continued to collect data since March. So what exactly is the privacy problem of TikTok?
Well, TikTok along with 30 plus other apps took a look at any type of text that their users pasted in their clipboard. And they did so repeatedly. Most devices including computers and smartphones have this facility to store data whenever the user copies or cuts text from applications such as email and password managers. Now, TikTok and other apps really had no reason to snoop on such information. Researchers Tommy, Mysk and Talal Haj Bakry discovered that these apps called the exact interface on the iOS platform that had the job of retrieving sensitive text from the clipboard of the apps’ users.
Snooping has become universal
Covert reading of user data is not something new nor does it have to happen on the user’s local device. In the case of Apple devices such as iPad and iPhone that make use of the same Apple ID and are also lying within 10 feet of each other, their clipboard is universal. In other words, they share the stuff that’s on the clipboard. It also means that if someone wants to he/she can copy the contents of one app that may be installed on a given Apple device and then paste that piece of content on another device’s app.
Because of this arrangement, sometimes a given app on a given Apple device reads data that the user considers sensitive via the clipboard that belongs to some other Apple device in the vicinity.
As mentioned before as well, such clipboard content can include email messages, passwords, and bitcoin addresses. It is true that such information is only stored on the device’s clipboard temporarily. But that does not change the fact that iOS apps like TikTok and others do not have to work hard to read clipboard data not just from the user’s device but from other Apple devices as well.
So why is all the focus on TikTok when there are 30 more apps doing the same thing?
Well, the primary reason why most of the media is focusing on TikTok is because of the number of people who have downloaded the app. By one estimate, more than 800 million people have the app on their phones. If we just take the second half of 2018, more than 104 million people downloaded the app.
None of that stopped TikTok from snooping on its users though. Back when researchers let TikTok know about their practice the company told The Telegraph that it would cease all operations involved with the collection of such data. However, according to Mysk, TikTok never stopped looking at the users’ clipboards.
Now it has been unearthed, that’s not even the worst part. The worst part is that TikTok reads the clipboard of a given Apple device each time a given user uses the space button or clicked the punctuation mark while writing some text in an email or a comment.
The New iOS 14 Is Putting the Spotlight on Privacy
The clipboard data notification is among the handful of privacy features Apple has included in iOS 14. One of the major additions is to its App Store, where developers will be required to specify the kind of data apps will collect. Users will be able to access this information on product pages on the App Store.