New iPhone feature reveals concerning way apps like TikTok are accessing your phone's clipboard data

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

A new feature in Apple’s upcoming iPhone operating system has revealed privacy concerns with numerous popular applications.

iOS 14, which is currently only available in beta, alerts the user when an application has access to the clipboard.

The clipboard is where text is held between copying and pasting messages.

It was discovered that many mainstream apps including TikTok, Reddit, and LinkedIn were accessing users’ clipboards.

At least 53 applications were found to be scraping the data users copy and paste.

At the end of last month, short-form video sharing app TikTok was found to be scraping data from the clipboard.

The company claimed it was using the feature as an anti-spam technique.

“Following the beta release of iOS 14 on June 22, users saw notifications while using a number of popular apps,” the company said in a statement.

"For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.

”TikTok is committed to protecting users' privacy and being transparent about how our app works.“

This comes as the company’s reputation has been internationally called into question, as officials from the United States and from India have taken action against the app.

TikTok has been banned by the Transportation Security Administration (TSA) due to concerns over the way the Chinese app handles user data.

Last week, the app was banned in India due to legislation from the Indian government. Nearly 60 apps have been banned for “stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India”, the Indian government said, although did not mention which apps it claims specifically do this.

Both Reddit and LinkedIn have been found to be copying clipboard data, seemingly without users’ knowledge.

Reddit was found to be capturing clipboard data on each keystroke.

“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” a Reddit spokesperson wrote in a statement.

“We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th.”

LinkedIn was also found to be gathering data from iOS devices’ clipboards, as well as from connected devices such as Apple MacBooks.

LinkedIn said the behaviour was a bug, and was not acting as intended.

“We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents,” LinkedIn’s VP of Consumer Products Engineering, Erran Berger tweeted.

It is unclear why such a check is necessary. The Independent has reached out to LinkedIn for clarification.

According to Forbes, when asked for an explanation, a LinkedIn spokesperson said: “equality check is a publicly referenced term, so we don’t have anything to add.“

In March, researchers Talal Haj Bakry and Tommy Mysk highlighted a range of applications that they said were taking content from the clipboard, seemingly without users’ consent.

“While unrestricted access to the pasteboard allow apps to read any data type, all the apps we investigated for this article have only requested access to text data. In other words, they are only interested in reading text and ignore other data types that may have been copied to the pasteboard, such as photos and PDF documents,” the researchers wrote.

Popular apps that accessed clipboard data include numerous news apps, as well as weather, social networking and shopping tools. Many games also still seem to use this access.

There does not appear to be a simple solution for users who do not want applications to access their clipboards.

Many users did not know companies accessed their clipboards and said companies seemingly did not inform the users that this data would be accessed.

Apple’s iOS 14 operating system is expected to be launched in September.

“It’s very, very dangerous,” one of the researchers told Ars Technica in an interview. “These apps are reading clipboards, and there’s no reason to do this. An app that doest have a text field to enter text has no reason to read clipboard text.”

Some apps do read clipboard data for beneficial purposes. Some are used to link copied text to live website URLs, while others can detect whether the copied information is an image and prompt users to open it.

For many apps, however, it’s difficult to see a compelling reason why they would have access to clipboard data.

The researchers suggested that Apple and Google should make clipboard access something users can give or revoke permission for, similar to the microphone or location data.

App developers could also be required to disclose precisely when clipboard data is accessed and for what purposes.

The Independent has reached out to Apple and Google for comment.