What’s wrong with TikTok?

Information security researchers have found that several popular iOS applications, including the short-video service TikTok, read data from the device’s clipboard at startup.

It also emerged that these applications read the clipboard intentionally. This matters because the data in question is sensitive: logins and passwords copied from a password manager, wallet numbers, and other confidential information.

The mechanics of the clipboard reads matter too. Earlier reports said the clipboard was read each time the application was opened or launched; more recently it was found that the read happens every time the user types a space, comma, or period. In other words, the clipboard is read almost in real time while the device owner uses the smartphone.

The strange behavior of these applications, TikTok in particular, became known back in March. At the time, the developers pledged to fix the intrusion into the user’s clipboard.

In fact, unscrupulous mobile developers would have continued to collect data with impunity were it not for a new iOS 14 feature meant to combat pop-up ads and other shady mobile advertising techniques.

This behavior by iOS developers shows that we are rapidly heading toward several major crises in the mobile segment. In particular, society runs the risk of systematic confidentiality violations driven by the desire to maximize app monetization on a platform where historically everything has been “proprietary and fenced”. Downloading an application from the App Store has always been a guarantee for the user that “everything is clean” with it. People are also used to trusting brands and large networks.

Now we see that TikTok, a Chinese app backed by Chinese capital, is rummaging through the clipboard, and American television channels and popular games are following close behind. Moreover, the problem has been known since March, yet the application is still in the store, and the developers simply “promise to fix everything” but are in no hurry to do so.

