Not only TikTok, 53 other Apps including PUBG spy on your iPhone clipboard

0

Researchers find a total of 54 Apps like TikTok, PUBG Mobile, Truecaller accessing your confidential clipboard data on iPhone without your consent

The release of iOS 14 for iPhones by Apple has opened a virtual pandora’s box. Soon after the release of the iOS 14 beta version at the WWDC 2020 by Apple, a user found out that TikTok short video uploading App was spying on iPhone user’s clipboard data without his/her consent. Now it is found that a whopping 54 iPhone Apps spy on your clipboard data.

Security researchers, Talal Haj Bakry and Tommy Mysk have found that 53 other iOS Apps excluding TikTok have been snooping on iPhone users’ sensitive clipboard data passwords, addresses, and anything else that the iPhone user pastes to the clipboard. In a blog post, the researcher duo says that they have identified 53 different apps snooping on iPhone users’ clipboard data.

The researchers found a total of 54 iPhone Apps frequently access the iOS clipboard without iPhone users’ knowledge. Out of these, Apps like TikTok do it every six seconds or so. Others access the clipboard every time the App is started by the iPhone user.

The researchers found that these 54 Apps were only interested in accessing the user’s text pasted on the clipboard and ignored documents, video, and images files. As per researchers, these iOS apps “deliberately called an iOS programming interface that retrieves text from users’ clipboards.”

The horror doesn’t stop only at snooping on the iPhone clipboard data. The researcher duo says that due to Apple’s universal clipboard feature, these apps could be accessing clipboard data across users’ iPhone, iPad, and Mac. This means these below-mentioned Apps could have universal access to any Apple device clipboard data. Here are the 54 culprit Apps.

  • ABC News — com.abcnews.ABCNews
  • Al Jazeera English — ajenglishiphone
  • CBC News — ca.cbc.CBCNews
  • CBS News — com.H443NM7F8H.CBSNews
  • CNBC — com.nbcuni.cnbc.cnbcrtipad
  • Fox News — com.foxnews.foxnews
  • News Break — com.particlenews.newsbreak
  • New York Times — com.nytimes.NYTimes
  • NPR — org.npr.nprnews
  • ntv Nachrichten — de.n-tv.n-tvmobil
  • Reuters — com.thomsonreuters.Reuters
  • Russia Today — com.rt.RTNewsEnglish
  • Stern Nachrichten — de.grunerundjahr.sternneu
  • The Economist — com.economist.lamarr
  • The Huffington Post — com.huffingtonpost.HuffingtonPost
  • The Wall Street Journal — com.dowjones.WSJ.ipad
  • Vice News — com.vice.news.VICE-News
  • 8 Ball Pool™ — com.miniclip.8ballpoolmult
  • AMAZE!!! — com.amaze.game
  • Bejeweled — com.ea.ios.bejeweledskies
  • Block Puzzle — Game.BlockPuzzle
  • Classic Bejeweled  com.popcap.ios.Bej3
  • Classic Bejeweled HD — com.popcap.ios.Bej3HD
  • FlipTheGun — com.playgendary.flipgun
  • Fruit Ninja — com.halfbrick.FruitNinjaLite
  • Golfmasters — com.playgendary.sportmasterstwo
  • Letter Soup — com.candywriter.apollo7
  • Love Nikki — com.elex.nikki
  • My Emma — com.crazylabs.myemma
  • Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
  • Pooking – Billiards City — com.pool.club.billiards.city
  • PUBG Mobile — com.tencent.ig
  • Tomb of the Mask — com.happymagenta.fromcore
  • Tomb of the Mask: Color — com.happymagenta.totm2
  • Total Party Kill — com.adventureislands.totalpartykill
  • Watermarbling — com.hydro.dipping
  • TikTok — com.zhiliaoapp.musically
  • ToTalk — totalk.gofeiyu.com
  • Tok — com.SimpleDate.Tok
  • Truecaller — com.truesoftware.TrueCallerOther
  • Viber — com.viber
  • Weibo — com.sina.weibo
  • Zoosk — com.zoosk.Zoosk
  • 10% Happier: Meditation —com.changecollective.tenpercenthappier
  • 5-0 Radio Police Scanner — com.smartestapple.50radiofree
  • Accuweather — com.yourcompany.TestWithCustomTabs
  • AliExpress Shopping App — com.alibaba.iAliexpress
  • Bed Bath & Beyond — com.digby.bedbathbeyond
  • Dazn — com.dazn.theApp
  • Hotels.com — com.hotels.HotelsNearMe
  • Hotel Tonight — com.hoteltonight.prod
  • Overstock — com.overstock.app
  • Pigment – Adult Coloring Book — com.pixite.pigment
  • Recolor Coloring Book to Color — com.sumoing.ReColor
  • Sky Ticket — de.sky.skyonline
  • The Weather Network — com.theweathernetwork.weathereyeiphone

Proof-of-concept PoC video of the Apps spying on iPhone clipboard:

What’s at risk for iPhone users?

The clipboard data, especially the texts, may include various sensitive information about the users. The iPhone user may paste passwords, sensitive banking log in data, email ids, crypto wallet keys, and other personal information such as messages, emails, and chats to the clipboard. The above 54 Apps could very well be relaying the information back to their servers and could be misused by the company or some disgruntled employee.

Fix for iPhone Apps snooping on the clipboard

The researchers see no solution other than Apple releasing an update to stop these 54 Apps from spying on iPhone users’ clipboard. You as an iPhone user can delete Apps from the above list that you don’t consider necessary. Also, even if you do have to keep the above Apps, open the Apps only after making sure your clipboard is empty on all your Apple devices.

Share.

About Author

Hacker, coder, Jouno by night When a good man is hurt, all who would be called good must suffer with him

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments