Tiktok addresses security concerns
Social media platform Tiktok has attempted to dispel concerns around how it accesses and uses its users’ data after it was revealed that the platform had access to the data stored on device clipboards.
Since the launch of iOS 14 early last week, users of a number of popular apps have been notified whenever their clipboard is accessed. Tiktok users received a notification whenever they began typing in a text field on the app.
Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ
— Jeremy Burge (@jeremyburge) June 24, 2020
A device’s clipboard is where images or text are saved when copied from one app to be pasted into another.
Tiktok’s chief information security officer, Roland Cloutier, has now claimed that access was only gained to clipboards for the benefit of an anti-spam feature, and that data was never sent off to a third party.
In a blog post published on Tiktok’s media room, Cloutier said the platform had been working to reduce incidents of users posting the “same comments on hundreds of videos” which can “signal that the user had an agenda, such as promoting themselves to gain followers, or trolling other users”. An anti-spam feature was developed, identifying repeated use of content saved on the clipboard, and released in Tiktok’s iOS app update on May 22.
The notifications users began receiving were triggered by the launch and installation of the iOS 14 Beta software.
“From a technical point of view, this anti-bot defence technology performed a string matching validation from the clipboard. Its only function was to validate whether matched text inputted into the application came from the clipboard. There was no collection of any data on the clipboard, simply a validation against data input into the app, like hashing validation,” Cloutier explained.
“In layman’s terms, the anti-spam program never sent user data off the user’s device. Nonetheless, we understand that the notification had the unintended consequence of making it appear as though we might be doing more with the feature.”
Cloutier said an update to the Tiktok app, version 16.6.1, which removed the anti-spam feature, was sent to the Apple App Store on June 27. Tiktok is now working to address the spam problem on both Apple and Android devices without the use of the clipboard.
Cloutier acknowledged that users have the right to be concerned about what companies are doing with their data.
“We appreciate that it would have been better to avoid adding a feature that would raise questions about Tiktok’s access to the clipboard in any scenario, particularly so shortly after we had worked to eliminate this type of access for a different feature,” Cloutier said.
“We also understand that while many apps are triggering this type of notification, often for innocuous reasons, users have legitimate questions about what companies are doing with data. We fully accept that and strive to be a leader in the industry, not only working every day to protect the safety and privacy of our users, but also being transparent and forthright about our practices.”
Further, Cloutier wrote that he is conducting a ‘sprint initiative’ to study ongoing app security assessments and a full review of all clipboard issues, such as any type of clipboard access that was not directly initiated by the user.
Later this year, Tiktok will open its ‘Transparency Center’, which will give experts “a behind-the-scenes look at how we keep people safe and protect their privacy”.
Cloutier concluded: “Security is a job that is never finished, but I can tell you we’ll continue to aggressively build an experience that respects and protects our community.”
The Chinese-owned app has recently been banned in India over national security concerns.
This is not even the tip of the iceberg for TikTok. The app is basically an espionage tool, masked as a social media network. There is a lot of research around the internet that’s worth looking into, e.g.: https://penetrum.com/tiktok/Penetrum_TikTok_Security_Analysis_whitepaper.pdf
…but TikTok is a 3rd party company when using data or content from – in this case – Instagram…
I really don’t see the value in this platform for brands. It’s the new shiny toy on the shelf but has already proven to be untrustworthy on multiple occasions when it comes to utilising user data in line with privacy laws. India has some of the most advanced developers in the world so the fact that their government has banned the app altogether is saying something.
Gandhi’s quote said it all…
“Further if we are requested to in the future we would not do so.”
Meaning they will continue to be dodgy with user data in the future unless told not to.
Full quote below:
“TikTok continues to comply with all data privacy and security requirements under Indian law and has not shared any information of our users in India with any foreign government, including the Chinese government. Further if we are requested to in the future we would not do so. We place the highest importance on user privacy and integrity,” Gandhi says.
Wonder what the guys who set up the first local TikTok creative agency have to say about it…
Not convinced. I am a fan of the content but have deleted the app.