TikTok was among many mobile applications that could read your copied text even before it was pasted. Following the revelation in March, the social media platform, owned by Chinese technology company ByteDance, promptly said it would stop doing that. But the enhanced privacy features in Apple's iOS 14 exposed that it didn't. Now, TikTok has once again promised to stop snooping around.
iOS 14, which has been released only to beta testers, issues an alert when an app accesses the Apple clipboard, where copied text is temporarily stored. The social media app, as in the past, has said it will issue an update with a script that will fix the issue. A TikTok spokesperson told the Telegraph that the access to the clipboard is to "identify repetitive, spammy behavior".
"We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion. TikTok is committed to protecting users' privacy and being transparent about how our app works," the statement said. However, it didn't mention whether the same update will be issued to Android users.
Not Just TikTok
The breach of privacy is, however, not limited to TikTok. Many news apps, and even Google News, are among those that have access to your clipboard. While the issue was initially highlighted in March by two developers, Talal Haj Bakry and Tommy Mysk, as an iOS security flaw that could be exploited by hackers, the behavior is old and is also found on Android.
Using Apple's Xcode, they identified many popular shopping apps, games and other apps that have access to the pasteboard. According to Mysk, many apps have since stopped reading the clipboard, but not TikTok or games like Plants vs. Zombies Heroes.
"I'm very happy that Apple listened to the demands triggered by our research. Users should refrain from using apps that read the clipboard for no obvious reason. Developers must deliver updates that end unnecessary access to the clipboard," Mysk said, adding that it would be good if Google, too, added such a feature to Android.
However, snooping around isn't the only aspect that drew public attention. In April, in another study, Mysk disclosed that the video feed of TikTok users, around 800 million around the world, could be manipulated with spam. The short-video app, like many others, depends on the Content Delivery Network (CDN) to distribute media content. But instead of using the now-standard HTTPS, it uses HTTP, which is not secure.
"While this (HTTP) improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked, and even altered by malicious actors. This article explains how an attacker can switch videos published by TikTok users with different ones, including those from verified accounts," Mysk's study said.
Hackers with malicious intent can alter the profile pictures and video content that appear on users' feeds. "The attacker can convey more fake facts in a spam video swapped with a video that belongs to a celebrity or a trusted account," it added.
YouTube to Test Short Video Feature
As the backlash against TikTok continues, Google said that it would test a short-video feature for YouTube, like TikTok, where users can record short videos of up to 15 seconds. Users record their clips using the record button and tap again to stop recording. Once 15 seconds' worth of footage is created, YouTube will combine the clips to create a full clip. However, Google hasn't released feature details such as effects, filters, and other short-video tools.