TikTok ‘did not store’ data from iPhone clipboard


TikTok's logoImage copyright
Getty

The social media platform TikTok told the BBC that it did not receive or store any data from the Apple iPhone clipboard.

In a developer test of the latest update to the phone’s operating system, iOS 14, users are notified every time an app accesses the phone’s clipboard.

TikTok was one of 53 applications that security researchers had previously flagged as regularly seeking access to the clipboard.

TikTok said it introduced the move to prevent people from spamming the platform by copying and pasting the same content.

The platform, owned by Chinese firm Bytedance, also said it disabled the feature through an automatic update to the app released on June 27.

It was never enabled on Android devices, he added.

“After the beta release of iOS14 on June 22, users saw notifications while using a number of popular apps,” it said in a statement.

“For TikTok, this was triggered by a feature designed to identify repetitive and unwanted behavior. We sent an updated version of the app to the App Store by removing the antispam feature to eliminate any possible confusion.”

Jeremy Burge, the founder of Emojipedia, shared a video of Apple’s new notification on Twitter.

“TikTok is grabbing the contents of my clipboard every 1-3 keystrokes,” he wrote.

“iOS 14 is making fun of it with the new paste notification.”

‘Silently readable’

The news had alarmed privacy activists.

“People should be aware that on mobile devices they can do things that are a bit unexpected to try to be useful,” said Professor Alan Woodward, a cybersecurity expert at the University of Surrey.

“It is not ideal, but in this case there is no evidence that he was sending the data anywhere other than the phone. There is no cause for alarm.”

There are legitimate reasons why apps require clipboard access: The 9to5 Mac website noted in February that the clipboard is “designed to be read silently by any app.”

To share a website address with a messaging platform, for example, or to get a password from a password manager and paste it into a password protected service, the clipboard must be accessible,

In an investigation published in March, Talal Haj Bakry and Tommy Mysk identified dozens of apps that they said accessed the clipboard.

Apple told them at the time that it didn’t think there was a problem with the vulnerability, but its new iOS update now warns iPhone users when it happens.

The couple identified several news channels, games, and social media / messaging platforms that were looking for clipboard data.

They included Reuters, the New York Times, Russia Today, Fruit Ninja, Player Unknown’s Battlegrounds, Plants vs Zombies, TikTok, Viber, and Weibo.

They noted that it was unclear what the apps did with the data.