iOS 14 Exposes Apps That Spy On Your Clipboard Data
iOS 14 is still in beta but it has exposed a number of popular apps, including LinkedIn and TikTok, that read the iPhone clipboard regularly, without any reason or permissions. For some apps, it is understandable if they automatically copy content from the clipboard to provide a feature that enhances user experience, but as you will see from these list of apps, most of them do not even have any text field, or relevant functionality, that would provide any benefit to the end-user from reading the clipboard.
iOS 14 has a new feature that notifies the user every time an app pastes data from the clipboard, whether it is intentional or automatically. Because iOS devices and Macs use a feature called Universal Clipboard, which allows them to copy and paste content between each other, these apps are able to snoop on a lot of content which might include passwords, credit card details, banking details, and much more.
Here is a list of the apps discovered so far that have been found guilty of accessing clipboard data:
- Call of Duty
- Fruit Ninja
- PUBG Mobile
- Google News
- Tik Tok
- ABC News
- Al Jazeera English
- CBC News
- CBS News
- Fox News
- News Break
- New York Times
- ntv Nachrichten
- Russia Today
- Stern Nachrichten
- The Economist
- The Huffington Post
- The Wall Street Journal
- Vice News
- Hotel Tonight
- The Weather Network
- Sky Ticket
- 8 Ball Pool
- Block Puzzle
- Classic Bejeweled
- Classic Bejeweled HD
- Plants vs Zombies Heroes
- Bed Bath & Beyond
Here is a video which shows how these apps spy on your clipboard every time you copy something:
To understand the extent to which apps like LinkedIn snoop on your private data in the clipboard, here is an example shared on Twitter:
LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.
I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.
Tik tok just got called out for this exact reason. pic.twitter.com/l6NIT8ixEF
— Don 𝘧𝘳𝘰𝘮 urspace.io (@DonCubed) July 2, 2020
Whether the clipboard data is synced to the server or not, the point of exposing these apps is that they have no business to access clipboard data like this. There is no good reason to do so.
Many of the developers behind these apps, including LinkedIn and Tik Tok, have publicly announced that they will stop this practice. Even though Tik Tok had promised to fix this before, they never fixed the issue. Casey Newton of The Verge explained these 'bugs' in the best way:
Funny how many data-mining social apps have had the same “bug” https://t.co/hrVH0F98Yu
— Casey Newton (@CaseyNewton) July 3, 2020
If you think that this issue only exists on iOS, it also impacts Android. Most Android apps can even access clipboard data, when they are in the background, which makes them even more dangerous than their iOS counterparts. Android changed this behavior with version 10, but we know how many users actually get to use the latest Android updates.
Until these apps push out updates that fix the clipboard issues, beware of what you copy on your devices.