TikTok Seems To Be Copying Your Clipboard With Every Keystroke

TikTok Copying Clipboard

As revealed by a new iOS 14 privacy feature, apparently Tiktok is copying and pasting the contents from your clipboard with every keystroke, which is alarming, called ‘Paste Notification’. This new update brings to light the fact that Tiktok is keeping an eye on your clipboard with every click; and it is likely that it may be saving the contents and saving it for later along with some other information.

Jeremy Burge discovered this breach of security on the app and the same has been shown in the video below:

https://twitter.com/i/status/1275896482433040386

As per The Telegraph, TikTok has issued a statement that it will stop this practice of copying the clipboard contents; now that their privacy violation has been caught.

TikTok stores information and sends it back to China

Bangorlol, a Reddit user has posted to the Videos subreddit with a clear set of details as to what information Tiktok steals from the users and sends back to China. They observed that Tiktok has stolen most of the data as it has the same data collection ability as mobile app developers. The information collected by Tiktok and sent back to China constitutes:

  • Phone hardware (Number of course, hardware ids, dpi, memory usage, screen dimensions, CPU type, disk space, hardware ids, etc)”
  • “Other apps that you have installed (even some deleted ones show up in their analytics payload – may be using as cached value)”
  • “Everything network-related (IP, wifi access point name, local IP your mac, router mac)”
  • To know “Whether or not you’re rooted/jailbroken”
  • “They also set up a local proxy server on your device for “transcoding media”, but that can also be violated very easily as it has zero authentication”.

This breakdown has also been done by many trusted cybersecurity firms; and have found similar privacy violation concerns. One such firm, Penetrum published this note in their latest report of Tiktok version 1.8.0:

 “The app copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.”

This wrongdoing on the part of Tiktok has opened a can of worms for the app, and with iOS 14 coming out. Tiktok users should be concerned about the same.

Clipboard as a privacy attack vector

The constituents of your clipboard can be very prone to hacks. With the growth of the password managers, which create a pattern of copying and pasting the passwords; this surely is a threat as Tiktok may also be storing your passwords to different sites and apps and sending it back to their home country.

Clipboard as a privacy attack vector

There isn’t a way yet to know exactly what is the app doing with this information that it steals; as it may be possible that it is checking the functionality of certain links. But TikTok hasn’t had the best reputation and its acceptable on people’s part on doubting the App’s unethical behaviour.

Anything that you enter into an app or website, besides any copy-pasting done, can be viewed. It is certainly possible that when you enter any password into some app or website; the information may be stored somewhere and it depends on the service or website’s privacy policy to protect that information.

With Tiktok’s reputation for constant breach of security; it has become quite evident that the app cannot be trusted any further.