Posted on June 28, 2020 at 5:32 PM
A new iOS 14 security feature has caught the TikTok app spying on millions of its users. The popular app was discovered copying tests from a user’s clipboard and lodged keystrokes without their consent or knowledge, according to reports.
Although this was initially carried out secretly, beta users of the iPhone software receive a notification when an app collects user data. Head of Emojpedia, an online emoji directory, recently shared a video of a data that hovered in action and blamed it on the feature bugging out.
TikTok said the app was not meant to invade privacy
In response to the situation, a TikTok spokesperson pointed out that the supposedly bugging app was designed that way to identify repetitive spammy incidents, and it wasn’t intended to invade anyone’s privacy.
The spokesperson also pointed out that the updated version of the app has been sent to the App Store to remove the anti-spam feature and cancel any likely confusion. The spokesperson reiterated TikTok’s desire to remain transparent regarding how it manages the app and how it handles user privacy.
“TikTok is committed to protecting users’ privacy and being transparent about how our app works,” the spokesperson said.
In March, TikTok promised to cancel its keystroke snooping system within a few weeks. But from evidence gathered by security researchers, the snooping behavior is still practiced by the app.
In June, Apple fixed a serious problem in its iOS 14, where apps can furtively gain access to clipboard on users’ devices.
And recently, the iOS 14 caught one app snooping around. The app, known as TikTok, has raised other security issues in the past, which has given users some concerns.
However, TikTok owner Bytedance, revealed that the issue was related to an obsolete Google advertising SDK, and now updated.
But it seems the bug had not been updated yet, based on recent evidence. The release of the clipboard warning in the iOS 14 beta version shows that the bug s still operational. TikTok was caught severely abusing the clipboard, which inherently shows that the invasion approach by TikTok is still ongoing, despite TikTok’s pledge to end it in April.
When this case was initially reported, TikTok did not agree it has anything to do with the issue. Then, TikTok said the issue is linked to an outdated library in their app, saying it’s a problem with clipboard access.
TikTok said the problem was magnified because of third-party SDKs, which is an outdated version of Google Ads SDK. The firm further stated that it wants to update to make sure the third-party SDK does not have access.
TikTok gave the assurance that the issue was being updated, and questioned the reasoning that suggested it was a problem.
Other apps caught in the act
TikTok wasn’t the only app discovered. There may be other apps doing the same thing TikTok is doing, as security experts have suggested. Apple’s iOS 14 security also caught other apps snooping around and invading users’ privacy
Other apps would now alter their deliberate clipboard access. Although TikTok isn’t the only app caught, it is the most popular among other apps discovered. It’s also the most totemic because of its other bigger issues and previous history.
The most worrying thing about vulnerability is Apple’s universal clipboard functionality. That means any file or data copied from the iPhone can be read on an iPad or Mac and vice versa.
Therefore, as long as TikTok remains active on the phone, it can read whenever that’s copied from the phone to other devices, including financial information, sensitive emails, work documents, passwords, and other important information.
Earlier this year when the news about TikTok’s app setup was initially exposed, security researchers said they are not sure what the app is ding with user data. However, with Apple’s new iOS fully functional, it has given the system a boost, which is why it was able to catch TikTok in the act.