Apple Catches TikTok Spying On Millions Of iPhone Users

Apple caught TikTok red-handed copying users’ clipboard texts. Apple’s new iOS 14 operating system is meant to close this security gap in the future. So far, users instead receive a notification when the gap is actually exploited.

It was already known at the beginning of the year that iOS 13 had a problem: apps were able to access texts that were typed on the clipboard. iOS 14 shows that this is not just a theoretical security threat but also a risk in practice.

The new operating system, which is already available in beta and is due to be released in autumn, has a feature that notifies users when apps copy these clipboard texts. In practice, it looks like this:

In the video clip you can see how entrepreneur and emoji expert Jeremy Burge types the message:

“OK TikTok please don’t steal my clipboard content while I write a comment”.

TikTok responded to this criticism in the business magazine Forbes. ByteDance, the company behind TikTok, stated its position there and blamed an outdated advertising SDK (Software Development Kit) from Google. Such SDKs are often the cause of problems, but that is exactly why they are the favorite excuse of many companies. The affected parts of the code are said to have been replaced accordingly.

However, it has now been found that the exploit is still ongoing. At least, iOS 14 users still get the same notifications that TikTok is copying the texts. TikTok then contacted Forbes again and has now named a new cause.

The notifications are said to be triggered by a feature that “is designed to detect repetitive spam behavior”. A newer version that no longer contains this feature has already been submitted to the App Store. Forbes journalist Zoffman has little faith in this statement. Given that this is not the first time that TikTok has raised concerns about its security, this is understandable. At the end of last year, the U.S. Navy banned its soldiers from installing the Chinese app on Navy devices. This is an indication that other backdoors may exist, or at least may have existed.

If you use the app and want to continue using it in light of this revelation, you should definitely update to the latest version as soon as it is available. Keep in mind that the app can read everything else that you type on the clipboard. This also includes very personal messages. Since the app also has a feature for direct messages, in which you supposedly have privacy, the whole thing is extremely questionable.

TikTok is far from the only app that uses this security hole, but it is one of the largest and best-known. With iOS 14 now disclosing which apps are actually using this gap, more and more cases will probably follow in this scandal.

What ByteDance does or has done with the data is unfortunately a black box for all of us. Apple is also to be criticized for making this security vulnerability possible in the first place. With iOS 14 this gap will be closed in any case, and the notification in the beta version was and is an important step toward catching apps and companies in the act.

Update: “Clipboard” here does not mean the clipboard you use when you copy texts on the Ctrl + C principle, but the general buffer through which your keystrokes are forwarded to the respective application. Texts that you type in TikTok are temporarily stored on your mobile phone. TikTok picks up your texts from this temporary storage.

With Android there is no transparency as to whether a similar security vulnerability is also used by apps like TikTok. So far, neither Google nor TikTok has been questioned about this problem. That in itself, however, does not have to mean that Google does not also make this possible for apps.

