TikTok vows urgent privacy review after clipboard reading sparks user outrage

Laurence Dodds
TikTok - Alamy

TikTok has announced an urgent privacy review after its iPhone app was caught constantly reading  users' clipboards without their permission.

The Chinese video-sharing app sparked outrage last week when the Telegraph reported that it was still snooping on users' copying and pasting activity three months after promising to stop.

It was among dozens of apps whose snooping was exposed by a beta version of Apple's latest operating system, which notifies users when their clipboard was being accessed.

Those apps, however, gave little or no explanation of the behaviour. The full list includes AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon and Google News.

Roland Cloutier, TikTok's chief information security officer, said on Monday that the function had been switched off in the app's most recent update, released on June 27, and that no personal data had ever been collected.

He added that his team is specifically checking whether any other part of the app might be reading users' clipboards without their say-so, part of an ongoing security review announced earlier this month.

It  comes after the Indian government banned TikTok and 58 other Chinese apps entirely amid a diplomatic stand-off over the two countries' disputed Himalayan border.

When can apps read your clipboard?

Mr Cloutier said: "While many apps are triggering this type of notification, often for innocuous reasons, users have legitimate questions about what companies are doing with data.

"We've undertaken a full review of all clipboard issues to consider other possible scenarios where this could occur... over the next several days, we will work with our third-party partners to confirm that no other such scenarios exist. 

"We're committed to building an app that respects the privacy of our users and to being more transparent with our community."

The issue of unauthorised clipboard-reading first came to public attention in March, when researchers found TikTok and a host of other iPhone apps were doing it every time they were on screen without explaining why. 

Though clipboard-reading has innocuous uses, it could also in theory be used to steal passwords, bank details or the contents of messages.

The Telegraph found that two widely used third-party software tools were to blame, and their makers vowed that no personal data had been exposed. Nevertheless, TikTok and several other apps said they would deactivate the feature.

According to Mr Cloutier, however, TikTok then launched a new anti-spam system on May 22 which checked users' clipboards constantly to see if they were repeating themselves. The feature only existed in TikTok's iPhone version, not its Android version.

Mr Cloutier said: "In layman's terms, the anti-spam program never sent user data off the user's device. Nonetheless, we understand that the notification had the unintended consequence of making it appear as though we might be doing more."

TikTok's privacy and security issues have drawn particular scrutiny due to its Chinese ownership, with hawkish politicians and officials in the United States fearing that it might be a threat to national security.

Historically, smartphone apps have been allowed unrestricted access to users' clipboards on both Apple's iOS operating system and Google's Android. 

The new iOS 14 version attempts to narrow that loophole by telling users when their clipboard is being read and giving app makers new tools to minimise the data they collect.