TikTok and other popular iOS apps are spying on your iPhone clipboard

lead img iphone clipboard spying tiktok - TikTok and other popular iOS apps are spying on your iPhone clipboard

Image: Omar Marques / SOPA Images / LightRocket via Getty Images

By Matt Binder

Have you ever copied a password or perhaps even your credit card number on your iPhone in order to easily paste it onto a website form?

If you have, then it’s likely you’ve just exposed that information to a slew of popular iPhone apps.

App developers Tommy Mysk and Talal Haj Bakry recently published their research uncovering a major vulnerability with the cut-copy-paste feature on Apple iOS devices. The two developers found that Apple provides apps with the ability to read data stored in the system’s clipboard, officially called Pasteboard on iOS devices. Furthermore, they discovered that dozens of popular iPhone and iPad apps access this data every time a user opens them.

WATCH: Feel like your phone’s spying on you? You’re not alone 

uploads%252Fvideo uploaders%252Fdistribution thumb%252Fimage%252F90685%252F9843f9ca 0f71 42f1 af9c e90a918d4dc8.jpg%252F930x520.jpg?signature=LwEt60ySnAn53B68iw8Zge73BZ8=&source=https%3A%2F%2Fblueprint api production.s3.amazonaws - TikTok and other popular iOS apps are spying on your iPhone clipboard

“We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware,” the developers wrote. “Our investigation confirms that many popular apps read the text content of the pasteboard.”

Apps that could read your copied and cut text, or media on your iOS device include social networking apps like TikTok, Viber, and Weib, as well as gaming applications like Plants vs. Zombies Heroes, PUBG Mobile, and Fruit Ninja. Other apps include live sporting events platform Dazn, ecommerce apps AliExpress and Overstock, and the Hotels.com app. 

News applications appeared to lead in accessing this data, however. Some of the apps snooping on your clipboard include ABC News, Accuweather, CBS News, CNBC, The New York Times, Fox News, NPR, The Huffington Post, and Vice News. A full list of the offending apps can be found here.

Mysk and Bakry have also provided a video showing how they discovered the loophole.

It should be noted that there is no proof of anything maliciously being done with this information by the apps or the companies that publish them. This report shows that these applications are simply accessing this data without the users’ awareness or permission.

In February, the same app developer team published findings regarding a similar flaw with the iOS pasteboard. They found that GPS location information was leaking to apps which accessed the clipboard. This would happen if a user had copied an image taken by Apple’s default camera app.

According to Mysk and Bakry, Apple informed them that “that they don’t see an issue with this vulnerability.”

With their latest findings, the two are now urging Apple to act.

“It is not clear what the apps do with the data,” they stated. “To prevent apps from exploiting the pasteboard, Apple must act.”

We Know You Better!
Subscribe To Our Newsletter
Be the first to get latest updates and
exclusive content straight to your email inbox.
Yes, I want to receive updates
No Thanks!
close-link

Subscribe to our newsletter

Sign-up to get the latest marketing tips straight to your inbox.
SUBSCRIBE!
Give it a try, you can unsubscribe anytime.