TikTok App to Stop Accessing User Clipboards After Being Caught in the Act by iOS 14

[farewelwilliams]

how about someone actually monitor the packets to see if any of the clipboard contents get sent back instead of assuming?

i mean, tiktok accessing your clipboard every few strokes sounds SUPER sketchy to me, but it doesn't mean it's getting sent back to the server. stop having gut reactions and wait for the truth.

 

[Shirasaki]

If there were ever an app that needed to be booted from the app store for compromising user privacy, it's Tiktok. It's too bad it's gotten too popular and Apple can no longer give it the boot without massive backlash.

Tiktok is basically a ripoff of Vine. Why the HELL didn't Vine catch on, but Tiktok did? Sigh.

Because it’s developed by Chinese company. Sad.

 

[nicolas17]

One question I have is why do apps have access to the clipboard AT ALL?

Shouldn't the clipboard only be used when you PASTE something? It seems absurd that there'd be an API for an app to grab the clipboard contents without permission, and yet apparently it's been the case all along.

Apps can create their own "Paste" button in the user interface, and it's reasonable that they can. If there's no API to access clipboard contents, how would such a button work? If Apple provided an API that only lets the app paste the clipboard into the current text field and not read it... apps could just paste into a hidden text field and then read its contents; back at square 1.

Google Translate lets you "translate the current contents of the clipboard" as a quick action from the homescreen icon. How would *that* work without an API to read the clipboard contents?

Showing a notification when an app accesses the clipboard seems like the reasonable way out.

 

[Tech198]

ok, i'll play devils-advocate again..

Yes, tiktok shouldn't be doing this, but at the same time its one of a double edged sword.. Apple allows this to happen, (just helping out the user after all right? ), but they dug their own hole. So, adding this "feature" will be more trouble than its led Apple to believe...

Just don't allow apps to read the clipboard. If privacy is as Apple says it is, it won't have a problem, apps shouldn't be automatically doing it anyway..

 

[ohbrilliance]

One question I have is why do apps have access to the clipboard AT ALL?

Indeed. Instead of an access notification, this would be better served with a message 'AppName would like to access your clipboard. Allow Once/Allow Always/Deny'. I still can't think of a legitimate reason any app would need to access the clipboard.

 

[iGeneo]

Some of these comments are a little on the racist side..

Look, yes TikTok is a Chinese company and they need to be held to the same standard. Not a single complaint about Starbucks or TripIt?

How about fair condemnation across the board?

 

[arvinsim]

It's amazing and frightening how companies get away with this.

These kinds of behaviour should be criminalized.

 

[DoctorTech]

"TikTok is committed to protecting users' privacy..." That is verbatim what Zuckerberg says every time Facebook gets caught violating users' privacy.

 

[Muzzakus]

Chy-nah, I just want to be accurate

 

[TitsLegendary]

SiriusXM is doing the same thing. Every time I launch the app it gives me the notice that it copied my clipboard.

 

[DoctorTech]

Some of these comments are a little on the racist side..

Look, yes TikTok is a Chinese company and they need to be held to the same standard. Not a single complaint about Starbucks or TripIt?

How about fair condemnation across the board?

I agree. As much as I dislike TikTok they are far from alone in sucking up as much user data as they can get away with. I had already deleted the Starbucks app a couple years ago over some other nonsense and I stick to Apple apps for most core functions (maps, email, calendar, reminders, etc.) because of their privacy policies.

 

[Eso]

Exactly why I stay with Apple. Privacy is something they truly care about; to their core.

If they care that much, the only time data from the clipboard would be delivered to an app would be when the user‘s finger touches the iOS “paste“ call-out button. It wouldn’t telling you after an app has already stolen your password copied by your password manager.

 

[urnotl33t]

Guaran-dang-tee you see Beta 2 with “clipboard privacy” controls now. Apple won’t tolerate this abusive behavior.

 

[macfacts]

Exactly why I stay with Apple. Privacy is something they truly care about; to their core.

But it was apples app approval process that allowed this.

 

[Techwatcher]

Exactly why I stay with Apple. Privacy is something they truly care about; to their core.

Apple realized the value in privacy YEARS ago, while 99% of the other companies only saw the value in obtaining user data. There's a reason they were the first US company to hit 1 trillion market cap.

 

[A MacBook lover]

I agree. As much as I dislike TikTok they are far from alone in sucking up as much user data as they can get away with. I had already deleted the Starbucks app a couple years ago over some other nonsense and I stick to Apple apps for most core functions (maps, email, calendar, reminders, etc.) because of their privacy policies.

Some of these comments are a little on the racist side..

Look, yes TikTok is a Chinese company and they need to be held to the same standard. Not a single complaint about Starbucks or TripIt?

How about fair condemnation across the board?

Oh. You must have missed when China infiltrated our the Department of Energy, along with a handful of other government entities, along with 1 in 5 major US companies, like Tesla and Apple. It's as if, you think, there is no logical basis to give this criticism compared to american companies.

We are in a espionage war with China

 

[Techwatcher]

But it was apples app approval process that allowed this.

Not everything is caught the moment it's let in. I really hope Apple forces these companies to get their act together. Much better than the free-for-all going on in the Google Play Store.

 

[abhibeckert]

Also, what is TikTok gonna do? Send my ****** copy pastas to the CCP?

They would be selling your clipboard history to companies that specialise in building data profiles on people.

It can be used to verify data they already have (that two apps running behind the same IP address are being used by the same person for example) and to find out what you’re doing (we often copy/paste search terms) and also to estimate things like your age/gender/race/political preferences/income/marriage status/etc.

The data profile company won’t do anything with it - they sell your profile to anyone who’s interested. From advertisers to police to criminals.

 

[oneMadRssn]

before everyone dog piles on TikTok and the "Chinese" apps... there are several other offenders

Yes! Currently it‘s harder to find an app not checking your clipboard. Nearly every major app does it.

Apps currently spying:
News
• ABC News
• Al Jazeera English
• CBC News
• CBS News
• CNBC
• Fox News
• News Break
• New York Times
• NPR
• ntv Nachrichten
• Reuters
• Russia Today
• Stern Nachrichten
• The Economist
• The Huffington Post
• The Wall Street Journal
• Vice News
Games
• 8 Ball Pool™
• AMAZE!!!
• Bejeweled
• Block Puzzle
• Classic Bejeweled
• Classic Bejeweled HD
• FlipTheGun
• Fruit Ninja
• Golfmasters
• Letter Soup
• Love Nikki
• My Emma
• Plants vs. Zombies™ Heroes
• Pooking – Billiards City
• PUBG Mobile
• Tomb of the Mask
• Tomb of the Mask: Color
• Total Party Kill
• Watermarbling
Social Networking
• TikTok
• ToTalk
• Tok
• Truecaller
• Viber
• Weibo
• Zoosk
Other
• 10% Happier: Meditation
• 5-0 Radio Police Scanner
• Accuweather
• AliExpress Shopping App
• Bed Bath & Beyond
• Dazn
• Hotels.com
• Hotel Tonight
• Overstock
• Pigment – Adult Coloring Book
• Recolor Coloring Book to Color
• Sky Ticket
• The Weather Network

 

[wynhou]

They would be selling your clipboard history to companies that specialise in building data profiles on people.

The data profile company won’t do anything with it - they sell your profile to anyone who’s interested. From advertisers to police to criminals.

This is the business model of Google and FB. What's the difference?

 

[now i see it]

I thought that everyome knew that tiktok was a spy app.

 

[coolfactor]

TikTok's explanation makes zero sense. The post would go onto their servers anyway where they could apply their anti-spam process. Why does it have to be while a user in the process of typing a post? How was the user being prevented from making a "spammy" post with that feature in place?

There's something else going on and they are not being honest about it. They were caught red-handed which is why they removed it so quickly.

I highly suspect that they were applying text processing to the post as quickly as possible (while a user typed) in order to garner data that could be used for some type of monetization.

 

[groove-agent]

How could grabbing the contents of the clipboard very 3-4 seconds be considered an anti-spam feature?

 

[nicolas17]

If they care that much, the only time data from the clipboard would be delivered to an app would be when the user‘s finger touches the iOS “paste“ call-out button. It wouldn’t telling you after an app has already stolen your password copied by your password manager.

The entire copy/paste API would need to be redone to make it work that way. When the user taps the "paste" callout button, the system tells the app that the user wants to paste, and the app handles it by reading the clipboard, and doing different things depending on the data type(s) present in the clipboard. Apps can also provide their own "paste" button in a toolbar or whatever.

The call-out menu is also in-process, so nothing stops an app from programmatically tapping the "paste" callout button.

I think this notification is the best they could do, and this article is proof that it works: TikTok removed that behavior because of the notification.

 

[Small White Car]

One question I have is why do apps have access to the clipboard AT ALL?

The third-party Reddit app named Apollo uses it well. If you launch the app with a Reddit URL in your clipboard it asks if you’d like to load that thread in the app.

I’m guessing this was Apple’s intent for this API.

But Apollo is one of those apps made by a single developer with a good reputation. Clearly not everyone can be trusted with this tool.