Report: Apple Caught China-Owned TikTok Spying on Millions of iPhone Users

Breitbart ^ | 27 Jun 2020 | TOM CICCOTTA

[E. Pluribus Unum]

A report published on Friday suggests that the megapopular China-owned social media application TikTok was spying on users through a vulnerability in the latest version of Apple’s iOS smartphone firmware.

According to a report by Forbes, the popular social media platform TikTok may have been spying on millions of users by spying on data copied to their iPhones’ clipboard through a vulnerability in the latest iOS smartphone firmware.

The vulnerability, which allows application developers to access a user’s clipboard, data was modified on June 23 by Apple. Now, users will be prompted with a notification when an application gains access to their clipboard data.

A representative from TikTok told Forbes that the issue occurred as a result of a feature that was implemented to prevent spam on the platform.

According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.

TikTok claims that the clipboard access issues were triggered by an older version of the Google advertising SDK.

“The clipboard access issues,” the TikTok representative added, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”

Breitbart News reported at the beginning of June that children spend almost as much time on TikTok as they do on YouTube. The report revealed that children approximately 80 minutes on each application...

[Savage Rider]

Please stop using TikTok and ask your kids to stop.

[Zathras]

The same group that tried to sabotage Trump’s rally in Tulsa

[Zhang Fei]

What’s your take on this? Overhyped or genuine risk?

[CJ Wolf]

TikTok should be banned. It is a collection tool for the CCP and it targets kids.

[dayglored]

My take is that TikTok is spyware. I’m rather surprised that Apple permitted it in the App Store in the first place.

Vulnerabilities happen in all software so companies have to be particularly careful about allowing apps tied to known malefactors, regardless of their popularity.

I continue to use Apple products (Macs, iPhones, iPads) because overall they appear to me to be the best mix of function, privacy, and data security. But nothing is perfect. I’d like to see Apple drop support for TikTok.

[Zhang Fei]

[My take is that TikTok is spyware. I’m rather surprised that Apple permitted it in the App Store in the first place.

Vulnerabilities happen in all software so companies have to be particularly careful about allowing apps tied to known malefactors, regardless of their popularity.

I continue to use Apple products (Macs, iPhones, iPads) because overall they appear to me to be the best mix of function, privacy, and data security. But nothing is perfect. I’d like to see Apple drop support for TikTok. ]

---

Thanks for the tip. I don’t use Tiktok (or Twitter or Facebook) and probably never will. But I’m just curious as to how vulnerable smartphone API’s are to a determined state actor like TikTok (because of the likely official embedding of Chinese government hackers or at least political officers among the programming staff).

[KSCITYBOY]

btt

[LegendHasIt]

The outrage! TicTok spying on I-phone users.

That’s Apple’s job, the cell provider’s job, and the NSA’s job.

[dayglored]

You are right to be concerned about determined state actors. China has a tremendous number of bright, talented, and highly motivated technical people, many trained in the US and aware of Western conventions and habits. As a result, China can throw an enormous amount of firepower at our APIs and firewalls, our encryption implementations, our security mechanisms, etc.

Apple’s technical team is similarly bright and talented, but their motivation is necessarily somewhat different. They are mainly trying to develop products, increase capabilities and features, improve security, etc. I’m sure Apple has a great test/QA team trying to find weaknesses and mistakes both in design and implementation. But the sheer numbers are in favor of the Bad Guys.

Just as with the argument for Open Source — that having lots of eyeballs makes it easier to find errors — lots of eyeballs also makes it easier to hack into defenses.

TikTok is like a Trojan horse in every sense. Users install it at their peril. Of course, there are many such nefarious apps around, but the huge popularity of TikTok gives it much greater coverage and momentum.

[Swordmaker]

Dayglored said: “My take is that TikTok is spyware. I’m rather surprised that Apple permitted it in the App Store in the first place.” My response is that all apps that access the web have the potential to be spyware. In this instance, any app that has access to the clipboard and copy and paste can obviously paste what is currently in the paste buffer. That’s what this is all about! If that capability is there, it’s child’s play to send what’s in that buffer to the app’s server! Any browser or messenger app could do it. In fact, any connected app could. The question is, “do you trust the app publisher NOT to do it?” Why is TikTok any different from any other publisher except that it’s owned and controlled by the Chinese Communist Government. What do we put in our cut and paste clipboard might make all the difference. . . If it’s sensitive data, don’t leave it there in the buffer. Copy something else totally innocuous, such as a single word, “word” would be a good copy choice to leave in the buffer. Just don’t leave your secret plans to invade China, or the top secret, burn before reading, plans for the new Z bomb, in the buffer after you’ve finished sending them to your henchmen! —PING!

APPLE TikTok vulnerability? No, not really. . .
It’s FUD, Fear, Uncertainty, and Doubt, Again!
PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

[Swordmaker]

Think about it, what are the average TikTok users going to have in their clipboard buffers?

The answer is obvious: The last photo or meme they copied to post on TikTok! These users one time use buffers are NOT going to have a damn thing of momentous import in them that’s most likely not already uploaded on their TikTok account.

[Swordmaker]

Incidentally, I read through the deeper linked articles on the TIKTOK malware and found that it’s mostly Android spying that sends back user info. I found zero references to Apple iOS for user info that could not be gleaned from the Cellular data carrier!

[The Westerner]

Thanks for the research on this. Never heard of TT until recently.

[Swordmaker]

What’s your take on this? Overhyped or genuine risk?

FUD. See my response above in replies 30, 31, and 32.

[Biggirl]

Are you sure about that?

[Biggirl]

Is Tick-tok trying to replace YouTube?