TIKTOK, PUBG MOBILE, TRUECALLER AND 51 OTHER IOS APPS ARE REPORTEDLY ACCESSING CLIPBOARD DATA WITHOUT USER PERMISSION

After the iOS 14 developer beta was recently rolled out, it was found that TikTok was accessing users’ clipboard data. However, the software’s anti-spam feature forced the app to roll out an update to prevent the app from doing that, according to a report by The Telegraph.

This report led us to research by Talal Haj Bakry and Tommy Myskreported by ArsTechnica, according to which, 53 other iOS app has also been found to be snooping on users’ sensitive clipboard data passwords, addresses and anything else in the clipboard.

Additionally, the ArsTechnica report also claims that despite TikTok claiming to have released an update to put an end to the practice, “it continues to access some of Apple users’ most sensitive data, which can include passwords, cryptocurrency wallet addresses, account-reset links, and personal messages.”

As per researchers Bakry and Mysk, these iOS apps “deliberately called an iOS programming interface that retrieves text from users’ clipboards.”

Reportedly, this practice has also been noted in some prominent news apps as well, like Fox News, the New York Times, and The Wall Street Journal, as well as in gaming apps like Bejeweled, Fruit Ninja and PUBG Mobile. Some social media apps are also part of the list, including Viber, Weibo, and Truecaller. (The full list of apps is at the end of the article.)

Currently, it’s also unclear how these apps behave in Android.

“It’s very, very dangerous,” Mysk said in an interview on Friday, referring to the apps’ indiscriminate reading of clipboard data. “These apps are reading clipboards, and there’s no reason to do this. An app that doesn’t have a text field to enter text has no reason to read clipboard text.”

The researchers also mention that the issue isn’t just limited data stored on the local device. Due to Apple’s universal clipboard feature, these apps could be accessing clipboard data across users’ iPhone, iPad, and Mac.

The video below explains how these apps exploit Apple’s universal clipboard feature:

 

While the research was initially published back in March this year, the issue has surfaced now after Apple released the iOS 14 developer beta update.

A novel feature in the new iOS iteration shows users a warning every time an app reads clipboard contents. Due to the function, users who were testing the beta release started to notice just how many apps engage in the practice and just how often they do it.

One of these early testers is Ryan Jones, who posted a video on YouTube (embedded below) that shows a few apps that triggered the warning on iOS 14.

 

Complete list of apps allegedly accessing iOS users’ clipboard data:

News

ABC News
Al Jazeera English
CBC News
CBS News
CNBC
Fox News
News Break
New York Times
NPR
ntv Nachrichten
Reuters
Russia Today
Stern Nachrichten
The Economist
The Huffington Post
The Wall Street Journal
Vice News

Games

8 Ball Pool
AMAZE!!!
Bejeweled
Block Puzzle
Classic Bejeweled
Classic Bejeweled HD
FlipTheGun
Fruit Ninja
Golfmasters
Letter Soup
Love Nikki
My Emma
Plants vs. Zombies Heroes
Pooking – Billiards City
PUBG Mobile
Tomb of the Mask
Tomb of the Mask: Color
Total Party Kill
Watermarbling

Social Networking

TikTok 
ToTalk 
Tok 
Truecaller 
Viber 
Weibo 
Zoosk 

Other

10% Happier: Meditation 
5-0 Radio Police Scanner 
Accuweather 
AliExpress Shopping App 
Bed Bath & Beyond
Dazn 
Hotels.com 
Hotel Tonight 
Overstock 
Pigment – Adult Coloring Book
Recolor Coloring Book to Color 
Sky Ticket
The Weather Network 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Do NOT follow this link or you will be banned from the site!
error: Unauthorized Content Copy Is Not Allowed
%d bloggers like this: