iPhone Users Beware: TikTok and Some iOS Apps Are Gaining Access To Your Device’s Clipboard
Are you the type of iPhone user who usually copies password or even credit card numbers on your phone to easily paste them on websites? If you are, then you might have exposed these types of information to a group of famous iPhone apps just like how cybercriminals can slip malicious codes to a system.
Research
Talal Haj Bakry and Tommy Mysk are the app developers to recently publish a research that uncloaks a huge fault with the cut-copy-paste feature found on Apple iOS devices. These developers discovered that Apple gives apps access to read data that are stored in the clipboard of the system, popularly known as Pasteboard on iOS devices. In addition to this, they also found out that a lot of well-known iPhone and iPad apps have the ability to access this data once the user utilizes and opens them.
According to Bakry and Mysk, they have investigated a dozen of popular apps that can be found in the App store and discovered that they usually access the pasteboard even without the user’s permission. The investigation also attests that most of these popular apps access the text content that is placed on the pasteboard.
Copy and Paste Dangers
Apps that have the ability to read and access the cut and copied text, as well as media on any iOS device include a lot of social networking apps such as Weib, Viber, and TikTok. Gaming applications like PUBG Mobile, Plants vs. Zombies Heroes, and Fruit Ninja also inherit the ability to pry on your Pasteboard content. The rest of the apps include live sporting events platform such as Dazn, as well as ecommerce apps like Overstock and AliExpress, and the Hotels.com.app.
However, news applications look like the leading culprit in accessing this information. Some of the apps intruding your clipboard are CBS News, Accuweather, The New York Times, ABC News, Vice News, The Huffington Post, NPR, and Fox News.
Moreover, Bakry and Mysk also presented a video that showed how they found the loophole in these apps. It is important to take note that there is no evidence showing that these apps and the companies that made them have done anything malicious with the information they have accessed. The research only suggests that all of these applications are simply reading the data without any permission from the user.
The Loophole
Last February, the similar group of developer published their findings concerning the same loophole found on the iOS pasteboard. They discovered that the GPS location information was the one that leaks to the apps, giving them access to the clipboard. Basically, this happens when a user copies a picture that is snapped using the default camera of the iOS device.
Apple told Bakry and Mysk that they don’t see any problem with this kind of flaw. But with their recent findings and discoveries, the two developers are now encouraging Apple to address this vulnerability. They also added that they don’t know what these apps do with the data but to prevent them from exploiting it, Apple needs to take action now.