According to a Forbes article, Chinese-origin TikTok is not only an app that could be exploiting the vulnerability, but it is the most high-profile of all apps caught spying on users. The app has been recording what the users are typing on their phones which could range from normal information to passwords or even sensitive emails. The article adds that TikTok had said it would stop the “invasive practice” in April, but is still continuing to do so.
The problem begins with iOS’s clipboard function. The function helps a user copy text or image and paste it on another app. The clipboard can also be used to copy-paste a text and images from one Apple device to another Apple device, like from an iPhone to a Mac or an iPad.
However, because of the way Apple software was designed, any app was able to record all text and images that were copy-pasted via the clipboard function. There would be no warning or notice to the user that a particular app is recording information the user was copying via the clipboard function.
Since the clipboard function is also used by Apple users to copy-paste information between their Apple devices, the Forbes article states that for example, if TikTok is active on an iPhone, it can “read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information”.
A researcher blog also mentioned in the Forbes article said user location can be recorded by an app that is monitoring the clipboard function used by an unwitting user to copy-paste an image.
TikTok claimed in April that it would stop the ‘invasive practice’, but users testing Apple’s upcoming iOS 14 have caught it copying from clipboard functions.
Users currently testing the beta version of the upcoming iOS 14 software for iPhones have found that TikTok is recording what they are typing on their phones, which could range from non-sensitive information to passwords or even sensitive emails.
Now the Apple company has released a beta version of the upcoming iOS 14 software. The beta version alerts a user whenever an app copies what the user has pasted on the clipboard.
A verified Twitter user, Jeremy Burge, a historian of emojis, testing out the iOS 14 beta version, posted a video of how the new operating system alerts him whenever TikTok copies something he is typing on his clipboard.
TikTok has commented on the matter — the Forbes article cites the company as saying the issue is “triggered by a feature designed to identify repetitive, spammy behavior”, and that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion”.
According to the Forbes article, it is not yet known if a similar issue persists for Android users or not.