New Delhi: Users currently testing the beta version of the upcoming iOS 14 software for iPhones have found that TikTok is recording what they are typing on their phones, which could range from non-sensitive information to passwords or even sensitive emails.
The practice is expected to affect iPhone users with TikTok accounts in India and around the world. The final version of iOS 14 is expected to be released later this year.
According to a Forbes article, the Chinese-origin TikTok is not the only app that could be exploiting this vulnerability, but it is the most high-profile of all apps caught spying on users in this way. The article adds that TikTok had said it would stop the “invasive practice” in April, but is still continuing to do so.
The problem starts with iOS’s clipboard function. The function helps a user copy text or image and paste it on another app. The clipboard can also be used to copy-paste text and images from one Apple device to another Apple device, like from an iPhone to a Mac or an iPad.
However, because of the way Apple software was designed, any app was able to record all text and images that were copy-pasted via the clipboard function. There would be no warning or notice to the user that a particular app is recording information the user was copying via the clipboard function.
A researcher blog mentioned in the Forbes article said user location can be recorded by an app that is monitoring the clipboard function used by an unwitting user to copy-paste an image.
Since the clipboard function is also used by Apple users to copy-paste information between their Apple devices, the Forbes article states that for example, if TikTok is active on an iPhone, it can “read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information”.
Now, however, Apple has released a beta version of the upcoming iOS 14 software. The beta version alerts a user whenever an app copies what the user has pasted on the clipboard.
A verified Twitter user, Jeremy Burge, a historian of emojis, testing out the iOS 14 beta version, posted a video of how the new operating system alerts him whenever TikTok copies something he is typing on his clipboard.
The alternative possibility is TikTok stealing what is on my clipboard every single time I type a keystroke.
I don't have a way to know for sure. Thought it worth putting out there.
— Jeremy Burge (@jeremyburge) June 24, 2020
TikTok has commented on the matter — the Forbes article cites the company as saying the issue is “triggered by a feature designed to identify repetitive, spammy behaviour”, and that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion”.
Whether the same issue persists for Android users is not yet known, according to the Forbes article.