New iPhone feature reveals concerning way apps like TikTok are accessing your phone's clipboard data

Reddit and LinkedIn, as well as popular games and news apps, have all been scraping the text you've copied on your phone

Adam Smith
Monday 06 July 2020 11:46 BST
Comments
A customer tries an Apple Inc. iPhone SE at the company's Omotesando store on March 31, 2016 in Tokyo, Japan
A customer tries an Apple Inc. iPhone SE at the company's Omotesando store on March 31, 2016 in Tokyo, Japan (Tomohiro Ohsumi/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A new feature in Apple’s upcoming iPhone operating system has revealed privacy concerns with numerous popular applications.

iOS 14, which is currently only available in beta, alerts the user when an application has access to the clipboard.

The clipboard is where text is held between copying and pasting messages.

It was discovered that many mainstream apps including TikTok, Reddit, and LinkedIn were accessing users’ clipboards.

At least 53 applications were found to be scraping the data users copy and paste.

Why did TikTok access my clipboard?

At the end of last month, short-form video sharing app TikTok was found to be scraping data from the clipboard.

The company claimed it was using the feature as an anti-spam technique.

“Following the beta release of iOS 14 on June 22, users saw notifications while using a number of popular apps,” the company said in a statement.

"For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.

”TikTok is committed to protecting users' privacy and being transparent about how our app works.“

This comes as the company’s reputation has been internationally called into question, as officials from the United States and from India have taken action against the app.

TikTok has been banned by the Transportation Security Administration (TSA) due to concerns over the way the Chinese app handles user data.

Last week, the app was banned in India due to legislation from the Indian government. Nearly 60 apps have been banned for “stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India”, the Indian government said, although did not mention which apps it claims specifically do this.

Did other apps access my clipboard?

Both Reddit and LinkedIn have been found to be copying clipboard data, seemingly without users’ knowledge.

Reddit was found to be capturing clipboard data on each keystroke.

“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” a Reddit spokesperson wrote in a statement.

“We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th.”

LinkedIn was also found to be gathering data from iOS devices’ clipboards, as well as from connected devices such as Apple MacBooks.

LinkedIn said the behaviour was a bug, and was not acting as intended.

“We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents,” LinkedIn’s VP of Consumer Products Engineering, Erran Berger tweeted.

It is unclear why such a check is necessary. The Independent has reached out to LinkedIn for clarification.

According to Forbes, when asked for an explanation, a LinkedIn spokesperson said: “equality check is a publicly referenced term, so we don’t have anything to add.“

How many apps have had to be updated?

In March, researchers Talal Haj Bakry and Tommy Mysk highlighted a range of applications that they said were taking content from the clipboard, seemingly without users’ consent.

“While unrestricted access to the pasteboard allow apps to read any data type, all the apps we investigated for this article have only requested access to text data. In other words, they are only interested in reading text and ignore other data types that may have been copied to the pasteboard, such as photos and PDF documents,” the researchers wrote.

Popular apps that accessed clipboard data include numerous news apps, as well as weather, social networking and shopping tools. Many games also still seem to use this access.

What can I do to stop applications from reading my clipboard?

There does not appear to be a simple solution for users who do not want applications to access their clipboards.

Many users did not know companies accessed their clipboards and said companies seemingly did not inform the users that this data would be accessed.

Apple’s iOS 14 operating system is expected to be launched in September.

“It’s very, very dangerous,” one of the researchers told Ars Technica in an interview. “These apps are reading clipboards, and there’s no reason to do this. An app that doest have a text field to enter text has no reason to read clipboard text.”

Some apps do read clipboard data for beneficial purposes. Some are used to link copied text to live website URLs, while others can detect whether the copied information is an image and prompt users to open it.

For many apps, however, it’s difficult to see a compelling reason why they would have access to clipboard data.

The researchers suggested that Apple and Google should make clipboard access something users can give or revoke permission for, similar to the microphone or location data.

App developers could also be required to disclose precisely when clipboard data is accessed and for what purposes.

The Independent has reached out to Apple and Google for comment.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in