How often do you clean out your phone’s clipboard? If you don’t know what that is, you’re not alone. In a nutshell, your clipboard is where your phone temporarily stores text, images and other content you copy and paste elsewhere. You can’t exactly see what’s being stored there at any given time unless you manually tap paste in another part of your phone.
Clipboards are an essential part of any computer system, but they can also be vulnerable to security issues. Earlier this year, researchers discovered how iPhones suffered a common weakness to apps that could snoop on private clipboard contents. Tap or click here to see what you can do to avoid getting spied on.
But the problem has significantly escalated thanks to new discoveries from these same researchers. After digging deeper, they found that TikTok, as well as 53 other iOS apps, enjoy unrestricted access to your clipboard, and intentionally scan and retrieve that data. Here’s what we know, and what you can do to retain your privacy.
TikTok is keeping its eye on you
Researchers from security firm Mysk have expanded upon their initial report showing the dangers of unrestricted clipboard access on iOS. But rather than just point out how vulnerable this area of your iPhone is, they’ve now uncovered that more than 50 apps — including the obscenely popular TikTok — intentionally access your clipboard for data.
As you can see in the video above, the permissions granted by the operating system put a potential wealth of information in the hands of these app developers. If you make the mistake of copying or pasting sensitive information like a password, it can easily get scooped up by these apps running in the background.
But it’s not just limited to one device, either. If you sync your notes or other files between devices using the same iCloud account, your devices share a so-called “universal clipboard.” This means anything saved to a clipboard across all your iCloud-connected devices is fair game for these snoops.
What’s more, early-adopters of the iOS 14 beta discovered how aggressively some of these apps scan for content in real-time. In a Twitter thread composed by one of the authors of Emojipedia, iOS 14’s paste notification feature alerted him that TikTok was scanning and copying his clipboard approximately ever 1-3 keystrokes. That’s a lot of effort put into snooping!
Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ— Jeremy Burge (@jeremyburge) June 24, 2020
As bad as this is, there are fortunately some steps you can take to secure your clipboard and prevent yourself from being spied on.
What apps are spying on me? What can I do?
The researchers from Mysk have graciously provided a complete list of the apps they detected were snooping on users’ clipboards. The format as follows includes both the app name, as well as its BundleID in your phone’s code.
If you use any of the following apps, you may want to clear your clipboards out before opening them — or perhaps avoid using the apps altogether.
- ABC News — com.abcnews.ABCNews
- Al Jazeera English — ajenglishiphone
- CBC News — ca.cbc.CBCNews
- CBS News — com.H443NM7F8H.CBSNews
- CNBC — com.nbcuni.cnbc.cnbcrtipad
- Fox News — com.foxnews.foxnews
- News Break — com.particlenews.newsbreak
- New York Times — com.nytimes.NYTimes
- NPR — org.npr.nprnews
- ntv Nachrichten — de.n-tv.n-tvmobil
- Reuters — com.thomsonreuters.Reuters
- Russia Today — com.rt.RTNewsEnglish
- Stern Nachrichten — de.grunerundjahr.sternneu
- The Economist — com.economist.lamarr
- The Huffington Post — com.huffingtonpost.HuffingtonPost
- The Wall Street Journal — com.dowjones.WSJ.ipad
- Vice News — com.vice.news.VICE-News
- 8 Ball Pool™ — com.miniclip.8ballpoolmult
- AMAZE!!! — com.amaze.game
- Bejeweled — com.ea.ios.bejeweledskies
- Block Puzzle —Game.BlockPuzzle
- Classic Bejeweled — com.popcap.ios.Bej3
- Classic Bejeweled HD —com.popcap.ios.Bej3HD
- FlipTheGun — com.playgendary.flipgun
- Fruit Ninja — com.halfbrick.FruitNinjaLite
- Golfmasters — com.playgendary.sportmasterstwo
- Letter Soup — com.candywriter.apollo7
- Love Nikki — com.elex.nikki
- My Emma — com.crazylabs.myemma
- Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
- Pooking – Billiards City — com.pool.club.billiards.city
- PUBG Mobile — com.tencent.ig
- Tomb of the Mask — com.happymagenta.fromcore
- Tomb of the Mask: Color — com.happymagenta.totm2
- Total Party Kill — com.adventureislands.totalpartykill
- Watermarbling — com.hydro.dipping
- TikTok — com.zhiliaoapp.musically
- ToTalk — totalk.gofeiyu.com
- Tok — com.SimpleDate.Tok
- Truecaller — com.truesoftware.TrueCallerOther
- Viber — com.viber
- Weibo — com.sina.weibo
- Zoosk — com.zoosk.Zoosk
- 10% Happier: Meditation —com.changecollective.tenpercenthappier
- 5-0 Radio Police Scanner — com.smartestapple.50radiofree
- Accuweather — com.yourcompany.TestWithCustomTabs
- AliExpress Shopping App — com.alibaba.iAliexpress
- Bed Bath & Beyond — com.digby.bedbathbeyond
- Dazn — com.dazn.theApp
- Hotels.com — com.hotels.HotelsNearMe
- Hotel Tonight — com.hoteltonight.prod
- Overstock — com.overstock.app
- Pigment – Adult Coloring Book — com.pixite.pigment
- Recolor Coloring Book to Color — com.sumoing.ReColor
- Sky Ticket — de.sky.skyonline
- The Weather Network — com.theweathernetwork.weathereyeiphone
How do you clear your clipboard out? It’s simple. Just replace what you’re copying to it on a regular basis. In other words, keep a bit of text in your Notes app and copy that once you’ve finished pasting something else.
Try to make it a simple word or sentence that doesn’t say anything important. That way, the only data you’re hanging on to is a piece of harmless text.
This is yet another reason why it’s important to review what apps you download to your device, as well as the permissions they’re allowed. Don’t forget, however: These data-hungry apps can’t snoop on your clipboard if they’re not installed on your phone in the first place. Tap or click here to see even more iOS apps you need to delete right now.