30 June 2020

Ars Technica: “TikTok and 53 other iOS apps still snoop your sensitive clipboard data”

In March, researchers uncovered a troubling privacy grab by more than four dozen iOS apps including TikTok, the Chinese-owned social media and video-sharing phenomenon that has taken the Internet by storm. Despite TikTok vowing to curb the practice, it continues to access some of Apple users’ most sensitive data, which can include passwords, cryptocurrency wallet addresses, account-reset links, and personal messages. Another 53 apps identified in March haven’t stopped either.

The privacy invasion is the result of the apps repeatedly reading any text that happens to reside in clipboards, which computers and other devices use to store data that has been cut or copied from things like password managers and email programs. With no clear reason for doing so, researchers Talal Haj Bakry and Tommy Mysk found, the apps deliberately called an iOS programming interface that retrieves text from users’ clipboards.


TikTok’s continued snooping has gotten extra scrutiny for other reasons. When called out in March, the video-sharing provider told UK publication The Telegraph it would end the practice in the coming weeks. Mysk said that the app never stopped the monitoring. What’s more, a Wednesday Twitter thread revealed that the clipboard reading occurred each time a user entered a punctuation mark or tapped the space bar while composing a comment. That means the clipboard reading can happen every second or so, a much more aggressive pace than documented in the March research, which found monitoring happened when the app was opened or reopened.

Dan Goodin

If you care in the least about your privacy, you should absolutely stay off TikTok! Its skyrocketing popularity despite massive security and privacy issues is a good example of how the majority of people care too little about their individual privacy – or simply do not understand the implications of this continuous data collection, in this case likely for the benefit of the Chinese government.

The situation illustrates – again – the hypocrisy of Apple’s rhetoric around user privacy on iOS and its App Store rules: while Apple introduced new warnings about improper clipboard access in iOS 14, it did not take any action against these offending apps – and the behavior has been known since March. Meanwhile, Apple is busy preventing competitors from getting a foothold on its platform and squeezing smaller developers dry, prioritizing cash and profits over the interests of its users.

In related news, the Indian government recently banned TikTok, along with dozens of other Chinese apps, saying they are engaged in activities prejudicial to sovereignty and integrity of India – although their reasons are at least partially political.
