EXECUTIVE SUMMARY:

Earlier this month, US Secretary of State Mike Pompeo announced that the US was considering a ban on the widely popular TikTok app due to national security concerns. The app is owned by the Chinese company ByteDance, which may be providing the Chinese government with users’ information.

This past spring, iOS users found that the app could access phones’ clipboards, where people commonly store passwords, bitcoin addresses or email messages.

TikTok’s clipboard snooping:

When called out on the snooping, TikTok announced that it would end the practice.

On Wednesday, a Twitter thread suggested that the clipboard readings occurred every time that a user tapped the space bar or entered punctuation marks while writing messages. “That means that the clipboard readings can happen every second or so, a much more aggressive pace than [previously] documented.”

To alert users to apparent privacy infringements, Apple has rolled out a feature that warns users when an app attempts to access a phone’s clipboard. Users quickly discovered that it’s not just TikTok that’s spying. More than 50 popular apps from well-known organizations are also looking at your phone’s data.

“What TikTok is doing isn’t particularly new or novel, but it’s pretty much how most apps collect data and monetize themselves,” says Serge Egelman, a security expert for U.C. Berkeley.

The most concerning TikTok findings:

In January, one cyber security firm identified security flaws in the app that would have allowed attackers to access an individual’s content. A hacker could have deleted videos, uploaded unauthorized content, or revealed an account owner’s personal information, among taking other actions.

Researchers informed TikTok of the discovery, and the issue has since been resolved.

For more on this story, visit CNET.com.