TikTok's Clipboard Spying

TikTok's Clipboard Spying

It has been shown time and again that downloading unknown applications from the web is a bad idea. Malware, ransomware and other computer viruses are all too common, some even worming their way into government networks and hospital systems.

Many people assume those who create these apps and spread viruses are criminals; hooded anonymous figures that aim to wreak havoc. However, this is not always true. Some malicious apps do try to disrupt your network or block access to your files but other more benign apps could be quietly trying to collect your personal data for marketing purposes for example.

The massively popular app TikTok recently faced criticism from users after their devices were showing alerts that the app was accessing their clipboards. This came after an iOS update that pledged to keep privacy “under your control” and “transparent”.

 

This may seem frightening, however, cyber-security experts told the BBC that “It’s not ideal but in this case there is no evidence that it was sending the data anywhere other than the phone. There’s no cause for alarm.” TikTok said that the clipboard spying is an anti-spam feature that was implemented to identify “repetitive, spammy behaviour” which has been removed from the app in a recent update. Nothing to worry about there then, we can move on.

The questions this raises for us are how can you know what any of these proprietary apps are actually doing behind the scenes and how do you protect yourself from their potentially rogue behaviour? There are no absolutes in cyber security but we think there are two steps in particular you can take to significantly improve your online security and privacy.

The first is to, wherever possible, steer away from proprietary apps in favour of open source solutions. These are exactly as described. They allow detailed review and inspection of the software source code by an expert peer group. Excellent examples are the Firefox web browser and Thunderbird email client from Mozilla. Any attempts to create a backdoor to your account or grab your personal data, both extremely unlikely in the case of Mozilla, are likely to be spotted and exposed by the expert community.

The second and more demanding step is to use an operating system that is specifically designed to block the running of any new code that may be intentionally or accidentally acquired by the user. Essentially the operating system does not give the user the permission to install any new code. In this way the system is protected from malware and rogue apps as they simply will not run. Of course for such a system to be at all useful it will need to include a suite of common apps that have been verified and pre-installed by a system administrator. However, once set up this provides a very secure environment.

The challenge of staying secure and private online is not getting any easier. This is becoming more of an issue for many of us as we are either working from home with confidential company data or having to connect remotely and securely to office networks. However, at the expense of some convenience, there are steps you can take to create a very secure computing environment. At Keep Stick we try and make these steps as easy as possible for the non computer specialist to implement and benefit from.