After the iOS 14 developer beta was recently rolled out, it was found that TikTok was accessing users’ clipboard data. However, the software’s anti-spam feature forced the app to roll out an update to prevent the app from doing that, according to a report by The Telegraph.
This report led us to research by Talal Haj Bakry and Tommy Mysk, reported by ArsTechnica, according to which, 53 other iOS app has also been found to be snooping on users’ sensitive clipboard data passwords, addresses and anything else in the clipboard.
Additionally, the ArsTechnica report also claims that despite TikTok claiming to have released an update to put an end to the practice, “it continues to access some of Apple users’ most sensitive data, which can include passwords, cryptocurrency wallet addresses, account-reset links, and personal messages.”
As per researchers Bakry and Mysk, these iOS apps “deliberately called an iOS programming interface that retrieves text from users’ clipboards.”
Reportedly, this practice has also been noted in some prominent news apps as well, like Fox News, the New York Times, and The Wall Street Journal, as well as in gaming apps like Bejeweled, Fruit Ninja and PUBG Mobile. Some social media apps are also part of the list, including Viber, Weibo, and Truecaller. (The full list of apps is at the end of the article.)
Currently, it’s also unclear how these apps behave in Android.
“It’s very, very dangerous,” Mysk said in an interview on Friday, referring to the apps’ indiscriminate reading of clipboard data. “These apps are reading clipboards, and there’s no reason to do this. An app that doesn’t have a text field to enter text has no reason to read clipboard text.”
The researchers also mention that the issue isn’t just limited data stored on the local device. Due to Apple’s universal clipboard feature, these apps could be accessing clipboard data across users’ iPhone, iPad, and Mac.
The video below explains how these apps exploit Apple’s universal clipboard feature:
While the research was initially published back in March this year, the issue has surfaced now after Apple released the iOS 14 developer beta update.
A novel feature in the new iOS iteration shows users a warning every time an app reads clipboard contents. Due to the function, users who were testing the beta release started to notice just how many apps engage in the practice and just how often they do it.
One of these early testers is Ryan Jones, who posted a video on YouTube (embedded below) that shows a few apps that triggered the warning on iOS 14.
Complete list of apps allegedly accessing iOS users’ clipboard data:
Al Jazeera English
New York Times
The Huffington Post
The Wall Street Journal
8 Ball Pool
Classic Bejeweled HD
Plants vs. Zombies Heroes
Pooking – Billiards City
Tomb of the Mask
Tomb of the Mask: Color
Total Party Kill
10% Happier: Meditation
5-0 Radio Police Scanner
AliExpress Shopping App
Bed Bath & Beyond
Pigment – Adult Coloring Book
Recolor Coloring Book to Color
The Weather Network