What you need to know
- A new iOS 14 feature notifies you every time an app reads your clipboard.
- Users are starting to notice that some apps are doing this a whole lot.
- It seems the previously known issue is much worse than we thought.
A new iOS 14 security feature has revealed that iOS clipboard snooping may be much more prevalent and problematic than previously thought.
As reported earlier this week, with iOS 14, Apple has added a new notification that tells you when an app tries to read your clipboard.
This change was made on the back of research done by Mysk in March, which revealed that apps in iOS 13 were snooping on user clipboards without permission. From that report:
According to the blog Mysk, two developers Tommy Mysk and Talal Haj Bakry have used Xcode to analyze the behavior of around 50 apps, with some startling results.
Your iOS/iPadOS clipboard, or pasteboard, is where information that you copy and paste is stored whilst you're using it. If you highlight anything on your iPhone or iPad, like text, a message from a friend, a password or a credit card number, it gets stored on your clipboard until you used it.
With the release of iOS 14's new clipboard snooping notifications, it has emerged that apps like TikTok may actually be looking at your clipboard far more than originally thought. Check out the below video from Jeremy Burge, which shows TikTok triggering a notification every two or three keystrokes:https://twitter.com/jeremyburge/status/1275832600146391042
Burge noted this was probably just beta issues, then briefly pondered TikTok stealing what was on his clipboard every time he typed, realizing the problem a few hours later:https://twitter.com/jeremyburge/status/1275896482433040386
We spoke with Mysk regarding the iOS 14 update, and they've confirmed that the new iOS 14 notification has revealed that the clipboard snooping is far more intensive than initially known. They note that in their research, which raised awareness of the issue, they only really paid attention to the behavior of the app shortly after launch. The new notifications reveal that apps like TikTok are viewing your clipboard during normal usage, all the time.
They agree that the notification is obviously quite annoying, even covering the URL field in some apps, but is important in raising awareness as to how often apps look at the iOS clipboard.
An even bigger concern is Universal Clipboard. As video testing from Mysk has revealed, iOS and iPadOS apps like TikTok have unrestricted access to the Universal Clipboard. The example Mysk gave us was as follows:
- Someone enables Universal Clipboard on Apple devices
- Your friend or partner is using a Mac to proofread a private article or is browsing the internet etc.
- You are nearby using TikTok and commenting on a video
- Everything copied by the Mac to the UC will be picked up by TikTok.
The below video from Mysk reveals how apps can access the Universal Clipboard:
In previous articles, Mysk hypothesized as to how an app with repetitive access could snoop on data copied to the clipboard on other devices through Universal Clipboard, now TikTok serves as an example of this. As Mysk notes, sometimes iOS releases can fudge apps, causing them to misbehave in ways they didn't in previous versions, however, TikTok has been found guilty of this in iOS 13 as well, we just didn't have the iOS 14 notification system to alert us to the problem.
There definitely doesn't seem to be any reasonable explanation as to why TikTok would need to check what was on your clipboard every few keystrokes when typing a comment.
TikTok has not responded to a request for comment at this time.