New iOS 14 privacy feature exposes TikTok’s unethical practices

During WWDC 2020, Apple announced its commitment to protecting user privacy by including some new features that give users more oversight on app activity. One of the new features is a privacy banner that pops up whenever iOS 14 detects an app is accessing content from the clipboard.

Popular viral video app TikTok was recently caught red-handed checking content of iOS 14 beta users, who are mostly developers and select users. Twitter user Jeremy Burge demonstrated how the app was checking content from his phone’s clipboard every few keystrokes entered in the app’s comment box. 

The alert annoyingly appears constantly on the top of the screen and raises questions on whether TikTok is copying personal data without permission. Even scarier, this was still happening even when the app was running in the background.

TikTok is owned by Beijing-based ByteDance which is often accused of having close connections with China’s government.

TikTok told The Telegraph that it will stop reading the contents of its user’s clipboards after a new iPhone update is rolled out to its users. The company explained: 

“Following the beta release of ‌iOS 14‌ on June 22, users saw notifications while using a number of popular apps.

“For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.

“TikTok is committed to protecting users’ privacy and being transparent about how our app works.”

But does the update really work? MacRumors confirmed that the TikTok app no longer appears to be accessing the clipboard after the update was installed. 

TikTok is not the only app guilty of such practices. According to the Telegraph report, many other apps constantly check the iOS clipboard. This ranges from weather apps (AccuWeather), e-commerce apps (AliExpress), games (Call of Duty Mobile) and even news apps (Google News).

In the majority of cases, most apps accessing the clipboard are autonomously trying to be helpful according to a report by 9to5mac, browsers apps like Google Chrome check the clipboard whenever users go to the URL field and offer a “Paste and Go” option. Even text editing apps automatically pre-fill blank documents with the clipboard’s content.

But there are some ad networks that do spy on the clipboard for tracking users, making iOS 14’s ability to highlight what your apps do while you are not looking, incredibly valuable.

So if TikTok is not the only app that does this, is it still okay to use it? Reddit user Bangorlol claimed to have reverse engineered the TikTok app and his findings were deeply disturbing. 

“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device…well, they’re using it,” Bangorlol said in a post.

In the post, Bangorlol described how sophisticated TikTok is at hiding its tracks, preventing people from figuring out how it actually works. “There is a ton of obfuscation involved at all levels of the application. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,” said Bangorlol who previously reversed engineered Instagram, Facebook, Reddit and Twitter apps.

“There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”

Editor’s Note: An earlier version of this story had a typo in the title, it has since been corrected.


Related reading