The Chinese social media video streaming app, TikTok, has been the subject of yet another controversy. According to a Forbes report, it has been found to be snooping on people by exploiting a bug in iOS 14 and accessing the clipboard secretly. While allegations surrounding security concerns of the said app are not new, a fresh set of concerns was raised by security experts Talal Haj Bakry and Tommy Mysk.
Dismissing all allegations, Bytedance, the owner of TikTok reiterated that the problem was related to an outdated Google Advertising Software Development Kit (SDK). In its defence, the Chinese app said that access to clipboards on the phone was caused due to a ‘feature’ which is meant to identify spammy and repetitive behaviour. TikTok claimed that an updated version of the app was submitted to remove both the feature and the confusion. Forbes noted that while TikTok had vowed to put an end to this ‘invasive practice,’ but it continued unabated as late as April.
“TikTok is committed to protecting users’ privacy and being transparent about how our app works,” the Chinese app was quoted as saying. It further assured to invite outside experts to their Transparency Centre. As per the report, the company was initially willing to brush aside the vulnerabilities of their app and blamed obsolete third-party SDKs. A TikTok spokesperson said, “The clipboard access issues, showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this. We are in the processes of updating so that the third-party SDK will no longer have access.”
TikTok caught red-handed
As per the report, TikTok assured that the issue was fixed. “TikTok does not get access to the data, but we are updating regardless to resolve it”, the company informed over email correspondence. However, with the development of Apple’s new iOS 14, it was revealed that the Chinese app was still having access to the clipboard messages, contrary to the earlier claims. While it could not be ascertained whether the act was ‘deliberate or inadvertent’, but all such apps would have to change.
The Data Vulnerability of TikTok
Forbes reported that Apple had a universal clipboard functionality which implied that anything copied on the Macbook could also be read on the iPhone or iPad. In case TikTok is active on a phone that is used for work, then, the app can read financial information, passwords, sensitive data, documents, and so on. When the Chinese app was exposed in early 2020, there were questions about how the user data was put to use by the company. But, with the recent security update in Apple’s security features, the app is forced to make changes.
Apple indifferent to the data breach
As per the Forbes report, Apple initially refused to acknowledge the vulnerabilities in the Chinese app and came up with a solution, following media uproar. The report also urged TikTok users to update the app to the latest version and remember that the app has active access to one’s clipboard, prior to the release of the update. Researchers conceded that while iOS had a mechanism to counter security risks, it was not effective in safeguarding data privacy. “There was a tremendous public interaction with the topic—not only iOS users but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard,” they emphasised.
