A new security feature in iOS 14 reveals every time an app accesses your clipboard. TikTok does so every few seconds.
Yesterday, Jeremy Burge shared a gif of himself typing while in the app. “Okay, so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification.”
Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ
— Jeremy Burge (@jeremyburge) June 24, 2020
In the video, you can see the iOS 14 notification popping up each time the app accesses the keyboard. This clipboard snooping is a security nightmare, since some password managers rely on copy/paste. If you’ve ever copied a password or credit card number while using the app – China probably has it.
This revelation explains why the U.S. Government, Army, and Navy consider TikTok spyware and banned it.
While the new iOS 14 notification is annoying, it highlights how frequently apps snoop the clipboard. The Universal Clipboard feature on Apple devices is even worse. Apps like TikTok have unrestricted access to the Universal Clipboard feature.
Researchers say this could lead to cases in which TikTok can snoop other clipboards.
Here’s the example they give. Someone enables Universal Clipboard on their Apple devices. Your partner is using a Mac to proofread a private article. You are nearby using TikTok and commenting on a video you see. Everything copied by the Mac to the Universal Clipboard will be picked up by TikTok. That’s how bad it is.
So far, TikTok has not responded to requests for a comment about this blatant security issue.
If you have the app installed on your phone and use a password manager, that’s probably a bad idea. Rampant copying of the clipboard is no different than installing a keylogger on your smartphone or PC.
People copy/paste sensitive URLs, emails, passwords, credit cards, and more. No wonder the U.S. government has banned the app from government devices if it can steal clipboard information so easily.