Tiktok addresses security concerns

Social media platform Tiktok has attempted to dispel concerns  around how it accesses and uses its users’ data after it was revealed that the platform had access to the data stored on device clipboards.

Since the launch of iOS 14 early last week, users of a number of popular apps were being notified when their clipboard was being accessed. Tiktok users received a notification whenever they began typing in a text field on the app.

A device’s clipboard is where images or text is saved when copied from one app and pasted into another.

Tiktok’s chief information security officer, Roland Cloutier, has now claimed that access was only gained to clipboards for the benefit of an anti-spam feature, and that data was never sent off to a third party.

In a blog post published on Tiktok’s media room, Cloutier said the platform had been working to reduce incidents of users posting the “same comments on hundreds of videos” which can “signal that the user had an agenda, such as promoting themselves to gain followers, or trolling other users”. An anti-spam feature was developed, identifying repeated use of content saved on the clipboard, and released in Tiktok’s iOS app update on May 22.

The notifications users began receiving were triggered by the launch and installation of the iOS 14 Beta software.

“From a technical point of view, this anti-bot defence technology performed a string matching validation from the clipboard. Its only function was to validate whether matched text inputted into the application came from the clipboard. There was no collection of any data on the clipboard, simply a validation against data input into the app, like hashing validation,” Cloutier explained.

“In layman’s terms, the anti-spam program never sent user data off the user’s device. Nonetheless, we understand that the notification had the unintended consequence of making it appear as though we might be doing more with the feature.”

Cloutier said an update to the Tiktok app which had removed the anti-spam, version 16.6.1, was sent to the Apple app store on June 27. Tiktok is now working to address the spam problem on both Apple and Android devices without the use of the clipboard.

Cloutier acknowledged that users have the right to be concerned about what companies are doing with their data.

“We appreciate that it would have been better to avoid adding a feature that would raise questions about Tiktok’s access to the clipboard in any scenario, particularly so shortly after we had worked to eliminate this type of access for a different feature,” Cloutier said.

“We also understand that while many apps are triggering this type of notification, often for innocuous reasons, users have legitimate questions about what companies are doing with data. We fully accept that and strive to be a leader in the industry, not only working every day to protect the safety and privacy of our users, but also being transparent and forthright about our practices.”

Further, Coultier wrote that he is conducting a ‘sprint initiative’ to study ongoing app security assessments and a full review of all clipboard issues, such as any type of clipboard access that was not directly initiated by the user.

Later this year, Tiktok will be opening its ‘Transparency Center’, that will give experts “a behind-the-scenes look at how we keep people safe and protect their privacy”.

Coultier concluded: “Security is a job that is never finished, but I can tell you we’ll continue to aggressively build an experience that respects and protects our community.”

The Chinese-owned app has recently been banned in India over national security concerns.


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.