TikTok was caught snooping on its users in the boldest way ever: the viral video-sharing app was reading the clipboard’s content on iOS devices. A group of researchers brought notice to this problem in March 2020 and TikTok pledged to fix it.
A few months later, it turned out that the company hasn’t changed a thing.
The TikTok Privacy Scandal
Just a few weeks ago, thanks to the newest iOS14 security feature, it was exposed that TikTok was still spying on and reading its users’ clipboards. It couldn’t be any more obvious as Apple’s latest developer’s beta update has a feature that warns the device owners when something unusual happens.
TikTok was caught monitoring the clipboard every time a user hit the space button or any punctuation mark. Although some experts believe that clipboard data never left users’ devices, the fact that somebody has access to it is quite disturbing.
Nevertheless, the problem with apps collecting your data without your knowledge is getting too intense. People are gladly using tech, but they do not appreciate it when this tech is spying on them. And unfortunately, TikTok is not the only app that messes with your privacy.
Other Apps that Spy on You
According to the same researchers, quite a few apps are engaged in reading clipboard content. Some of them responded promptly and got rid of the privacy-depriving activity, others decided to disregard the accusation. If you wish to see the full list of the apps that are safe to use, check them on the Mysk blog.
Among the sneaky apps who peek at your clipboard, there were (and still are) many popular ones – news outlets including CBC, CNBC, Fox News, the New York Times, The Economist, Vice News, games like Fruit Ninja and Plants vs. Zombies, social media platforms such as Viber, Zoosk, and Weibo, and many others.
So if the audience of TikTok is still too young to own a crypto wallet, the user base of other apps is much wider. And that’s a big deal. If the app stores all the data that it collects from you on servers and if you ever copied your mnemonic, the safety of your funds is in danger.
Although Twitter has never been caught in something as reckless as clipboard snooping, it also made headlines. Hackers managed to get access to a bunch of high-profile verified accounts asking people to send Bitcoins to get more in return. They say the hack was only possible if someone from Twitter’s core team got involved.
And once again, that raises a level of concern regarding our online security. In the age where we keep most of our sensitive data in digital form, how important it is to keep this data safe?
The Clipboard Copying Issue
The cryptocurrency space is often targeted by hackers and scammers. If you’re not cautious enough about installing anti-virus software, your phone might be infected with malware that reads the clipboard. Or when you choose to keep your crypto on exchanges regardless of possible hack attacks, it is still your responsibility. You could have prevented it.
But when you use a mainstream app that is supposed to be safe to use and then it copies the content of your clipboard, stores it on a server, and then a leak happens and your mnemonics get exposed – that’s not on you, that’s the flaw of that particular app that decided to snoop on your business.
Of course, you might have known better than to copy-paste sensitive information but if you constantly run anti-virus checks and use a secure wallet to store your assets, you have a right to expect that nothing bad is going to happen.
It is not uncommon that passwords end up being sold on the dark web. In fact, one study suggests that more than 15 billion credentials are being distributed on the dark web, from streaming service passwords to bank details. This number is three times higher than a couple of years ago.
One simple solution to this privacy problem is to add mandatory permission for any app to use the clipboard like they already do with a camera or microphone. Also, it would be fair if the app creators were more clear about the fact that it reads clipboard data and explains why they do so. As of today, nothing of this has been implemented yet, and we’re all at risk.
Financial apps that are focused on security will simply not allow you to copy any sensitive information like mnemonics. What is the one thing that you want your crypto wallet to focus on the most? Keeping your funds safe, obviously!
Lumi Wallet is focused on security, and we thought about the clipboard issue long before the TikTok scandal. In Lumi, you cannot copy-paste your seed phrase and you’ll have to type everything in manually. Just make sure to keep the phrase in a safe place, preferably written by hand. And it wouldn’t hurt to keep a few copies.
The Bottom Line
With all the privacy scandals getting more frequent, it is important to protect yourself. Install decent anti-virus software and run occasional checks. Do not keep any apps open when you work with your crypto wallet. And make sure to get the wallet that puts your security above all else and always type in your mnemonic manually.