Apps including TikTok can read your iOS clipboard without permission
- mar
- 13
That's according to developers who used Xcode to analyze the behavior of 50 apps.
What you need to know
- Apps including TikTok can read your clipboard in iOS without permission.
- Two developers have used Xcode to analyze the behavior of 50 apps.
- It poses a massive risk of exposing private and personal data.
Two developers have revealed that apps in iOS 13.3 can read your iOS clipboard without permission.
According to the blog Mysk, two developers Tommy Musk and Talal Haj Bakry have used Xcode to analyze the behavior of around 50 apps, with some startling results.
Your iOS/iPadOS clipboard, or pasteboard, is where information that you copy and paste is stored whilst you're using it. If you highlight anything on your iPhone or iPad, like text, a message from a friend, a password or a credit card number, it gets stored on your clipboard until you used it.
From the report:
We have explored popular and top apps available on the App Store and observed their behavior using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.
The exploit only works with text data, not photos or PDF documents you might have copied and pasted.
Apps named as guilty of this exploit include ABC News, CBS News, CNBC, Fox News, New York Times, Reuters, WSJ, 8 Ball Pool, TikTok and more.
The conclusion to the piece states:
Access to the pasteboard in iOS and iPadOS requires no app permission as of iOS 13.3. While the pasteboard provides the ease of sharing data between various apps, it poses a risk of exposing private and personal data to suspicious apps. We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.
You can read the full report, including a full list of guilty apps here.