TikTok is one of 50 apps that look at what’s on your iPhone’s clipboard without users’ knowledge. This emerges from a new study.
Apps read your iPhone clipboard
iOS developers Tommy Mysk and Talal Haj Bakry went to investigate and discovered about 50 apps that read the contents of your clipboard when you open the app. The clipboard currently contains the last copied text, which can be a password or credit card number, as well as other privacy sensitive text. If someone copies a photo, the location can also be deduced from it.
This does not prove that the 50 apps do anything malicious with the info. However, it does open the door to abuse. Apps on iOS and iPadOS can access copied data when you open the app. This is usually desirable behavior. Because if you copy a password from 1Password and then browse to another app, the intention is usually to paste the password immediately afterwards. According to Apple , it is desirable behavior. But what if there is something in your clipboard from a previous cut or copy action?
In a blog post, Mysk and Bakry explain what they discovered. These are apps such as Accuweather, Truecaller, Overstock and the aforementioned TikTok. There are also some news apps in the list. The developers used Xcode to analyze the behavior of apps. They also published a proof-of-concept video to show how it works. The developers only looked at copied text and not photos.
Mysk and Bakry also dove into the problem earlier. In February they submitted their results to Apple, but were told there was no problem. Only apps that are active in the foreground can read the clipboard (clipboard). The duo then created a widget to prove that apps in the Today view can also read clipboard contents. It would work on the Mac too.
The developers think it may be related to an outdated library. Developers may not even be aware that their app is reading the clipboard. But Apple can of course do something about it.