NewsBite

TikTok case exposes curse of the clipboard

There’s a snowballing story about apps that copy your phone or tablet clipboard contents and it begins with TikTok.

A sign at the headquarters of TikTok’s parent company ByteDance in Beijing. Picture: AFP.

Welcome to The Download, The Australian’s technology blog for the latest breaking tech news.

Chris Griffith 9.20am: TikTok is start of clipboard horror story


TikTok, which collects data about its users using mechanisms such as challenges and surveys, late last month was outed specifically over copying information from the clipboard of users’ phones and tablets. It’s not the only app that does this. According to reports, about 50 have been outed so far. But this was the first and more are likely to follow shortly.

(FILES) In this file photo illustration taken on April 13, 2020 the social media application logo TikTok is displayed on the screen of an iPhone, in Arlington, Virginia. - US President Donald Trump said he is considering banning the wildly popular video-sharing app TikTok as a way to punish China over the coronavirus pandemic, remarks China described July 7, 2020 as "a malicious smear". TikTok has been caught up in the escalating disputes between the United States and China, with the Chinese-owned firm accused of acting as a spying tool for Beijing -- an allegation it denies. (Photo by Olivier DOULIERY / AFP)

This is serious. Whenever you copy and paste data using the regular copy/paste, it goes via the clipboard, which temporarily stores the data that we move between applications. There are many circumstances when we might hold very confidential information in the clipboard.

For example, you might write a very confidential and explosive letter in Word, then copy and paste it into a secure encrypted email service such as ProtonMail or Tutanota thinking your correspondence is totally safe, omitting to think that your letter could have been nicked from the clipboard. You might never remember your credit card number, so you copy and paste it via the clipboard onto payment sites. Some cloud-based password safes will conveniently insert your login/password into a login screen by first copying them into the clipboard and pasting them onto a website. The clipboard can store lots of highly sensitive information.

This issue has now come to a head in iOS, the operating system used for iPhones and iPads. Apple has included a safeguard in the upcoming iOS14 version which will tell you when the clipboard is being accessed by an app, so you can monitor this.

The final iOS14 version is not public yet; however, developers using an early version of it have detected lots of apps that access the clipboard while they are open, and the first one was TikTok. In a blog post dated June 30, TikTok said it had removed this vulnerability in an app update, but the reasoning as to why TikTok accessed the clipboard is interesting.

The clipboard is not just an iOS issue, with Apple’s universal clipboard letting users copy and paste from one device to another, for example from an iPhone to a MacBook.

TikTok acknowledges that users started getting notifications about TikTok accessing their clipboard when they tried to type comments on a video in the app.

“In this case, we had been working to address the problem of spam and incidents where users sometimes post the same comments on hundreds of videos,” TikTok chief information security officer Roland Cloutier said in a blogpost. “Our technology allowed us to identify users who were copying comments and placing them over and over in the comment section for different videos. We took this as a signal that the user had an agenda, such as promoting themselves to gain followers, or trolling other users.”

He said TikTok rolled out this feature to its iOS app on May 22 but, due to the exposé, removed it in version 16.1.1 of the TikTok app, which appeared in the iOS App Store on June 27. TikTok says it is now using other methods to detect spam comments. The full blogpost is here.

The public would not have known about this without the new iOS14 notification feature, which has now outed other apps accessing keystrokes and the clipboard contents, including LinkedIn and Reddit. According to reports, both say they will discontinue using the clipboard in this way.

In the end, apps need to access clipboard contents if you are going to paste items to them, but the security around the clipboard needs tightening so that you give specific permission for an app to access the clipboard under specific circumstances. Expect more app outings once Apple’s iOS 14 is in the hands of millions of general users.

Chris Griffith 10.00pm: Sezzle’s star is rising in buy now, pay later grab

Sezzle has emerged as the new star of Australia’s fast-growing “buy now, pay later” players, but the white-hot run of the tech sector threatens to be derailed by the stalling of consumer spending habits.

Sezzle is the latest to tap the market, on Friday launching an $87m placement and share purchase plan after its shares soared to record highs of $6.95 — a surge of almost 800 per cent since April 1, with the payments company yet to turn a profit.

While the sector is riding high, consumer experts warn that the market for “buy now, pay later” services could drastically soften with changing economic circumstances.

“(The services) are no less susceptible to an economic downturn than merchandise itself, so once people buy less, then they will also use these services less,” said Kai Rieme from the University of Sydney Business School.

“In the short term, if people are pressed for cash in the pandemic, they (the companies) might actually benefit from the current situation. There’s no guarantee in the middle or long term that they might do well.”


Chris Griffith 1.15pm: You can download and test Betas of Apple’s upcoming operating systems

Apple users interested in trialling Apple’s latest software for its devices can install public beta versions of the iOS, iPadOS, macOS, tvOS and watchOS operating systems. The new public beta versions are now rolling out.

They don’t install automatically. You need to go to beta.apple.com, enrol your device and, if you are using an iPhone or iPad, install a profile in general settings.

After installing the profile, you check for system updates and install the Beta.

Apple warns that its Beta software can contain bugs and advises users to back up their devices to the cloud or a computer beforehand. Final versions of the operating systems are expected to be released from September onwards.


Chris Griffith 11.30am: CSIRO partnership to build flexible phone screens

Melbourne-based Boron Molecular, South Korean manufacturer Kyung-In Synthetic and Australia’s CSIRO have signed a partnership agreement around the production of flexible phone screens. This may turn out to be a significant agreement, because flexible phone screens will probably be sold in the millions in future, once production costs decrease.

Samsung, Motorola, Huawei and Royole are among manufacturers already producing foldable phones with flexible displays; however, the consumer market won’t be large until prices drop from $2000-$3000 plus to what Australians can afford.

Nevertheless, this is good news in the longer term. “Now with the manufacturing capability, international reach and reputation of KISCO, we can offer CSIRO’s chemical technologies at scale to a global market,” says Zoran Manev, managing director of Boron Molecular, which spun out of CSIRO 20 years ago.

CSIRO in a statement says Boron Molecular and KISCO will use a suite of CSIRO technologies to help make high purity precision engineered polymers for flexible electronics, and for other applications in health, industry and agriculture.

“The new agreement will bolster Australia’s sovereign manufacturing capability, create local jobs and open the door for Boron Molecular to further commercialise CSIRO’s technology in new global markets via KISCO’s international links and production capacity,” says John Tsanaktsidis, Advanced Fibres and Chemical Industries Research Director at CSIRO.

KISCO CEO and President Sung Yong Cho says the company is looking forward to making the first products from this new partnership available to Korean electronics companies this year.

Chris Griffith 10.30am: Optus expands Wi-Fi calling and Voice over LTE

Optus says it is offering wholesale partners voice over LTE and Wi-Fi calling, across its 4G mobile network.

It says it is the first mobile carrier network in Australia to give postpaid service providers this access.

Voice over LTE, or VoLTE, lets users make and receive calls over 4G LTE data, while Wi-Fi calling lets users with the right gear text and make or receive calls where there is limited mobile coverage but a viable Wi-Fi service. This would particularly help home and office users who have reasonable Wi-Fi but live in a black spot.

“When Wi-Fi Calling is switched on and if there is insufficient mobile coverage, a device automatically detects and switches to an authorised Wi-Fi connection to use voice and messaging services,” says Optus in a media statement. “When using Wi-Fi Calling or VoLTE, no additional charges will be made on top of regular voice call rates and customers’ mobile data will not be consumed.”


Original URL: https://www.theaustralian.com.au/business/technology/tiktok-case-exposes-curse-of-the-clipboard/news-story/01ef969c9364d3dfb59ef068d0928cbf