What you need to know
- Apps including TikTok can read your clipboard in iOS without permission.
- Two developers have used Xcode to analyze the behavior of 50 apps.
- It poses a massive risk of exposing private and personal data.
Two developers have revealed that apps in iOS 13.3 can read your iOS clipboard without permission.
According to the blog Mysk, two developers Tommy Mysk and Talal Haj Bakry have used Xcode to analyze the behavior of around 50 apps, with some startling results.
Your iOS/iPadOS clipboard, or pasteboard, is where information that you copy and paste is stored whilst you're using it. If you highlight anything on your iPhone or iPad, like text, a message from a friend, a password or a credit card number, it gets stored on your clipboard until you used it.
From the report:
We have explored popular and top apps available on the App Store and observed their behavior using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.
According to Mysk, who contacted iMore with additional information,
The exploit works with all data types such as text, photos, or PDF documents. Surprisingly, the apps we tested only chose to read text, but ignore other data types such as photos or PDF documents. In other words, all the apps we listed in our blog are only interested in reading text from the clipboard.
Apps named as guilty of this exploit include ABC News, CBS News, CNBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, TikTok and more.
The conclusion to the piece states:
Access to the pasteboard in iOS and iPadOS requires no app permission as of iOS 13.3. While the pasteboard provides the ease of sharing data between various apps, it poses a risk of exposing private and personal data to suspicious apps. We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.
You can read the full report, including a full list of guilty apps here.
Updated: This article has been updated to correctly report on how the exploit works, as explained to us by Tommy Mysk.
We may earn a commission for purchases using our links. Learn more.
FAQ: TikTok & WeChat ban — why it’s happening and what it means for you
Are TikTok and WeChat really being banned? When does all of this take effect? Will I still be able to use these apps? All this and more answered in our FAQ regarding the latest U.S. orders.
WeChat ban has been blocked by U.S. District Court
The Trump administration's ban on WeChat was set to go into effect today, but a U.S. district court judge just blocked it.
Plan your day with Hour Blocks and its amazing iOS 14 Home screen widgets
Planning your day is no fun but sometimes you find an app that goes some way to making it less boring. Hour Blocks does a decent job and it looks lovely, too.
Pick the best Eufy RoboVac for you with our handy guide
Eufy makes some pretty compelling robotic vacuums and there are a lot to choose from. With a vast difference between the lower end, more affordable models and the smarter, connected, high end options, there are many factors to consider when deciding which model would be best for your household. We have compared the best of Eufy's RoboVac range here so you can find the right one for you.