TikTok 'didn't store' iPhone clipboard data

  • Published
TikTok's logoImage source, Getty

Social media platform TikTok has told the BBC it did not receive or store any data from Apple iPhone clipboards.

In a developer trial of the latest update to the phone's operating system, iOS 14, users are notified whenever an app accesses the handset's clipboard.

TikTok was one of 53 apps that security researchers had previously flagged as regularly seeking clipboard access.

TikTok said it introduced the move to stop people spamming the platform by copying and pasting the same content.

The platform, owned by Chinese firm Bytedance, also said it disabled the feature via an automated app update pushed out on 27 June.

It was never enabled on Android devices, it added.

"Following the beta release of iOS14 on June 22, users saw notifications while using a number of popular apps," it said in a statement.

"For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour. We submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion."

Jeremy Burge, the founder of Emojipedia, shared video of Apple's new notification on Twitter.

"TikTok is grabbing the contents of my clipboard every 1-3 keystrokes," he wrote.

"iOS 14 is snitching on it with the new paste notification."

The BBC is not responsible for the content of external sites.View original tweet on Twitter

'Silently readable'

The news had alarmed privacy campaigners.

"People ought to be aware that on mobile devices, in order to try and be helpful they can be doing things that are slightly unexpected," said Prof Alan Woodward, cyber-security expert at Surrey University.

"It's not ideal but in this case there is no evidence that it was sending the data anywhere other than the phone. There's no cause for alarm."

There are legitimate reasons why apps require clipboard access - the website 9to5 Mac noted back in February that the clipboard is "designed to be silently readable by any app".

In order to share a website address with a message platform, for example, or to grab a password from a password manager and paste it into a password-protected service, the clipboard has to be accessible,

In research published in March, Talal Haj Bakry and Tommy Mysk identified dozens of apps which they said accessed the clipboard.

Apple told them at the time that it did not believe there was an issue with the vulnerability - but its new iOS update now warns iPhone users when it happens.

The pair identified various news channels, games, and social media/messaging platforms which sought clipboard data.

They included Reuters, the New York Times, Russia Today, Fruit Ninja, Player Unknown's Battlegrounds, Plants vs Zombies, TikTok, Viber and Weibo.

They noted that it was not clear what the apps did with the data.