The launch of Apple’s iOS 14 developer beta for iPhone last week has made it more obvious than ever that many popular iOS apps are reading data from their clipboard even when they don’t have a clear reason to do so, and they can too. from other nearby Apple devices.
The alarm was first rang in March when researchers Tommy Mysk and Talal Haj Bakry reported that social video sensation TikTok and dozens of other apps regularly retrieved data from the iOS and iPadOS clipboard, even when you’re not in a text input box. And how Ars Technica He noted in a recent report, that the data could include Bitcoin addresses or other confidential financial information.
The beta version of iOS 14 includes an alert that now informs users when another application is copying data from the clipboard. How a viral video shared on Twitter Last week shows, TikTok in particular is requesting data every two keystrokes, however it was not user initiated nor is it sticking in the field.
Various modern Apple devices, including iPhones, iPads, and Mac computers, also share the Universal Clipboard feature. When devices that share an Apple ID are close (about 10 feet), they can read data from clipboard from others, in case you want to paste something from one device to another.
Taken together, it’s a potentially troubling situation for anyone handling sensitive data on an Apple device, whether it’s passwords, Bitcoin addresses, or other private and valuable information. Even if most of the major identified apps probably don’t use the feature maliciously, the existence of the feature casts doubt on data security on iOS.
Mysk and Haj Bakry identified more than 50 major apps this spring that used the functionality, ranging from the aforementioned TikTok, which has an estimated 800 million users, to news apps like The New York Times, CBS Newsand Fox News, games including Bejeweled and PUBG Mobile, and other apps including AccuWeather and Hotels.com.
The Telegraph reported in March that TikTok planned to address the issue, but did not. A representative from TikTok said Ars Technica last week the functionality was implemented as a antispam measure, and that an updated version of the app without the clipboard callback has already been submitted to the App Store for approval.
Mysk said Ars Technica that only two other apps out of the more than 50 top apps identified in March (Hotel Tonight and 10% happier) changed functionality thereafter. However, now that iOS 14 beta has implemented the warning, developers may be more motivated to avoid potentially alarming millions of users once iOS 14 is released publicly this fall.
