Similar to previous iOS versions, the newly released iOS 14 continues Apple’s focus on user security and privacy. Therefore, in the new version of iOS for iPhone, iPad, and iPod touch devices, Apple has added a host of very practical features that help users know whether they are safe from security threats.
One of the new features in iOS 14 is the notification when an app accesses the device’s clipboard (the storage for copied text and media data). With this feature, whenever an app accesses the clipboard and performs a paste action, iOS 14 will display a notification saying “[App] pasted from [app]”, meaning that this app has used the clipboard data copied from the most recent app.
Thanks to this feature, many users recently discovered that numerous apps, including TikTok and Zalo, have accessed the device’s clipboard and could potentially extract a lot of sensitive information that users have copied there. This information could include passwords, phone numbers, emails, or even bank card codes. Data in the clipboard can be accessed by any app without prior warning.
With TikTok, whenever users start typing anything into the comment box, the app immediately retrieves data from the clipboard, but does not paste this data. iOS 14 continuously alerts that TikTok has accessed data from this clipboard. The same situation occurs with both the Chinese version of TikTok (Douyin) and the Vietnamese messaging app Zalo.
For Douyin and Zalo, these two apps even retrieve data from the clipboard every time users open the application.
Right after this issue was “exposed”, TikTok also provided its initial response regarding this matter. The company behind TikTok confirmed that the app does not collect data from the device’s clipboard. Instead, this platform has a customized system that identifies and detects if anyone is continuously performing spam actions, which is what caused the alerts from iOS 14 to appear frequently. TikTok also promised not to access clipboard data on users’ devices without permission in an upcoming update.
“For TikTok, the alerts from iOS 14 are due to a feature we designed to verify continuous spam behaviors. We have also released an app update on the App Store to remove this anti-spam feature to avoid any confusion. TikTok is committed to protecting user privacy and we are always transparent about how our app operates,” a TikTok representative stated.
As for Zalo, the app has not yet provided any response regarding this issue.
According to a report from the Telegraph, not only TikTok or Zalo, many other apps also continuously access the clipboard of smartphones, including AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon, and even Google News.
We still cannot know why these apps need to continuously check and access the clipboard. This raises questions about user privacy because the clipboard is indeed a sensitive area; it can contain any information from text data (passwords, PINs, bank card details…) or even media files (iOS allows users to copy images as well). With apps having access to the clipboard without user consent, data in this area can easily be collected by apps without the user’s knowledge.