(Right Country) – While correcting an issue with its upcoming iOS 14 update, due out this fall, that allowed apps to secretly access the clipboard on user’s devices, Apple discovered that one of the apps covertly accessing user data was popular Chinese-owned social media platform TikTok.
As you may recall, TikTok reportedly played a major role in essentially sabotaging attendance levels at President Trump’s Tulsa, Oklahoma rally. We could chalk that up to international interference in our election process. Moving on.
While running tests, security researchers Talal Haj Bakry and Tommy Mysk caught TikTok abusing the clipboard feature on iPhones.
Despite TikTok’s insistence that the issue with copying data was related to an outdated Google advertising software development kit (SDK) that’s being displaced, it seems the social media platform is still abusing the clipboard.
Apple’s new feature will warn users whenever an app reads the last thing copied to the clipboard but the fact that a Chinese-owned social media platform has been caught spying on American users should be sounding off major alarms.
Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ
— Jeremy Burge (@jeremyburge) June 24, 2020
Forbes contributor Zak Doffman has more:
According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.
TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”
When I covered the original TikTok clipboard issue, the company was adamant it was not their problem and related to an outdated library in their app. “The clipboard access issues,” a spokesperson told me, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”
TikTok assured me it was being fixed and questioned coverage that suggested this was an issue. “It’s a Google Ads SDK issue,” they assured again in a later email, “so we need to make the change in which version of that SDK we use. TikTok does not get access to the data, but we are updating regardless to resolve it.”
Now Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.
The most acute issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.
In conclusion, Doffman advises that “All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.”
It’s becoming abundantly clear when you view the totality of recent events that China is enthusiastically trying to undermine our democracy and destroy the US from the inside out. The Trump-Russia collusion hoax was just that. There was never any collusion between Trump and Russia to rig the election in 2016 but you can be sure there is most definitely collusion between China and the left and if we aren’t vigilant it will be the downfall of the US as we know it.
Use TikTok if you choose but you’ve been warned.