Via the clipboard
Security researchers warn that 50 popular apps are spying on users. Some of them read the contents of the clipboard every few seconds. Passwords and other sensitive information are at risk.
- Tiktok constantly reads the clipboard from cell phones.
- This can contain highly sensitive user data.
- Around 50 other apps do that too, say IT experts.
- Security researchers have exposed this practice.
- Now Tiktok has updated its app.
Copying passwords, your own address or personal messages can be dangerous. If you have the content in the so-called clipboard to paste it elsewhere, numerous iPhone and iPad apps access it. Security researchers Talal Haj Bakry and Tommy Mysk warned of this questionable practice in March.
The reading of this sometimes sensitive data is not even limited to one device. If Apple devices are linked to the identical Apple ID, they share a clipboard when both are nearby. “Practice is extremely dangerous. There is no reason for these apps to access the clipboard, »warns Mysk.
Once a second
Although the security researchers had already published their find in March, the result has now taken off again. With the trial version of Apple’s mobile operating system iOS 14, the user is shown every time apps access the content of the clipboard.
The social network Tiktok with 800 million users worldwide is in the spotlight. Users who have already installed the latest version (iOS 14) on their iPhones report that the app reads the clipboard after entering each character, i.e. once every second.
According to Tiktok, however, there is no bad intent behind it. By reading the clipboard, you want to be able to recognize spam behavior, the developer explains in an official statement. But now the anti-spam function has been updated. This should be available for download shortly. The company also committed to further protecting users’ privacy.
Other apps that, according to the two security researchers, access the clipboard include the apps from the news platforms Fox News, “Wall Street Journal”, “New York Times” or NPR. Games are also included, such as “Bejeweled”, “Fruit Ninja” or “PUBG Mobile”. Streaming services such as Dazn or apps like Hotel Tonight or Accuweather also read the clipboard. The experts have published the complete list on their blog. Numerous developers have responded and vowed to stop practicing.
According to the two security researchers, not only iPhones and iPads are affected. It was even worse with the Android system because the guidelines were looser. With Android 10, even apps that run in the background could read the clipboard, but this is not possible under iOS. Mysk advises users to be careful and, if necessary, to overwrite sensitive data after use by copying other harmless data.
If you subscribe to the digital push until you get news and rumors from the world of Whatsapp, Snapchat, Instagram, Samsung, Apple and Co. You will also be the first to receive warnings about viruses, Trojans, phishing attacks and ransomware. There are also tricks to get more out of your digital devices. Here’s how: Install the latest version of the 20-minute app. Tap on “Cockpit” in the lower right, then “Settings” and finally on “Push notifications”. Under “Topics”, tap “Digital” – et voilà!