TikTok may be ending its nosy clipboard reading on iOS, but that doesn’t mean other app developers are mending their ways. Security researcher Tommy Mysk told Ars Technica in an interview that an additional 53 apps identified in March are still indiscriminately capturing universal clipboard data when they open, potentially sharing sensitive data with other nearby devices using the same Apple ID. The apps are major titles, too — they’d normally be trustworthy.
The behavior is visible in news apps for Fox News, the New York Times and the Wall Street Journal. You’ll also find it in games like Bejeweled, Fruit Ninja and PUBG Mobile. Social apps like Viber, Weibo and Zoosk. Some utility and media apps do this as well, including AccuWeather, DAZN and Overstock.
Some app developers have vowed to alter their behavior. Alongside TikTok, 10% Happier and Hotel Tonight are cutting back their clipboard use. There are apps that make smart use of the clipboard, too. Pixelmator, for instance, only pulls data if there’s an image. It also won’t be surprising if there are more changes thanks to iOS 14’s clipboard monitoring, which Apple will credit to Mysk and his colleague Hal Bakry.
However, the concern isn’t just that this handful of apps are misusing the keyboard. There’s a chance that many other apps are exhibiting similar behavior. It’s also unclear how these apps behave in Android. TikTok said the anti-spam feature that raised alarms over the iOS version isn’t present in Android, but didn’t say if it accessed the clipboard on Google’s OS for other reasons. Regardless of your device choice, then, it’s a good idea to avoid copying sensitive data unless necessary and to clear out the clipboard (such as by copying a harmless piece of text) when you do copy valuable info.