Apple’s iOS 14 has a great new privacy feature that sends you a notification whenever an application inspects what’s on your iPhone’s clipboard. It’s sounds like a smart addition, but it’s also uncovered some potentially unsettling behaviour from several apps.
Take a look at this example posted by Twitter user Jeremy Burge, which shows all the iOS 14 clipboard alerts he received when using TikTok:
https://twitter.com/a/status/1275896482433040386
Several developers looked into the issue to see what was going on. According to their findings and the ensuing discussions on Twitter, it appears that these apps are only reading the clipboard rather than grabbing, copying or saving the data they find there — in theory, anyway.
There are legitimate reasons why an app would do this, so I wouldn’t be alarmed if, or when, you see this notification in your favourite apps.
https://twitter.com/a/status/1276146864895778821
Some developers even found that their apps are triggering the notification unexpectedly — even if they aren’t made to access the clipboard in the first place — so it’s possible that there are new APIs in iOS 14 that need to be implemented by an app to prevent over-notifications for unexpected behaviour.
Still, it makes one wonder how many of these apps are covertly accessing the iOS clipboard, and if they’ve been doing the same thing on Android and older iOS versions without our knowledge. However, I’d bet that most people are going to have a single question when they see a notification like this: Should you be worried that TikTok and other apps could be stealing your clipboard data?
I would say “no” for TikTok, based on what the company has said. But I wouldn’t extend that blanket trust to every app, especially if you’re prone to tinkering around with untested, lightly reviewed apps from unknown developers.
Hard to confirm it for sure, but FWIW both TikTok and Google (whose SDK it was in this case, according to TikTok) said on the record that no user data was ever sent off device. Supposedly it’s just not the way the SDK(s) work. Take that as you will!
— Io Dodds 🌔🏳️⚧️ (@iododds) June 25, 2020
In a perfect world, Apple would adjust its notifications to more clearly indicate when an app is scanning your clipboard to see if anything is on it versus when it’s actively using the information on the clipboard for another purpose. Even then, apps have always been able to access the clipboard without restriction.
https://twitter.com/a/status/1276147520675160064
For now, it’s wise to think twice about what you’ve got copied to your device’s clipboard before you open or when you’re using an app. Perhaps it’s best to not copy and paste important details — your email address, your password, your 2FA codes, etc. — if you can avoid it.
Leave a Reply
You must be logged in to post a comment.