Cedric Fung

Mixin me 25566

Why TikTok Snoops Clipboard Contents

Jun 26, 2020

TL;DR: TikTok and many popular Chinese apps, including Taobao, Baidu, and Alipay, to name a few, snoop clipboard contents, because Tencent censors and forbids almost all kind of links sharing in WeChat and QQ.

I don’t refer Chinese apps as apps developed by Chinese companies or developers. An app would be considered as Chinese app if it’s developed by Chinese Internet best practices and has WeChat, QQ, Aliyun or any other popular Chinese SDKs or cloud services integrated.

The Chinese Internet

There are some discussions about TikTok spying clipboard contents since the iOS 14 announcement, and TikTok is not the only one accessing clipboard silently, almost all Chinese apps have this feature. Yes it’s a feature, not a bug, very common in China. And this is not the only feature that would raise privacy concerns, there are much more serious ones. They all originate from a wall.

The Web was popular because America, almost all technologies, from the silicon to JavaScript, get their success from America and the Chinese Internet was without exception. All the earliest Chinese websites are just simple copycats of American websites, and the best part is most Chinese engineers can learn from the real Internet and get the best practice.

A wall can literally change all things, especially the Great Firewall of China (GFW) that stands in such a high pace network. The Chinese Internet is completely obsolete from that real one, and GFW has become stronger than ever in growing this walled garden. And the worst part of the wall is that Chinese engineers lose their access to the best practice.

I dare you find the API doc of WeChat, or understand it even if you could find it, or think its design matches the WeChat app.

WeChat Open Platform

They have thousands of developers in Tencent, and can’t even make a readable API doc, the result is most Chinese engineers believe that is the golden bar, they learn from those bad practices because they don’t know the existence of the real Internet and other practices. Think they could access GitHub?

Buy GitHub star

Yes, sometimes the GFW will open GitHub access and those Chinese engineers will abuse GitHub by buying stars and forks from Taobao. They access GitHub also with bad practices, like they all use the same programming languages, Golang, C, Java or Python, but still make bad apps.

Those Chinese tech giants are all like Tencent, they succeed not because they make a good product or have good technology, because they never play with rules. It’s no surprising to find your front camera pop up whenever you open Alipay on OnePlus 7T Pro, and you won’t be shocked when you found QQ deleted your photos silently without consent.

They abuse your privacy, but they truly believe they are serving you good, because the wall has absurd messed up their minds.

Tencent

Tencent is almost the full history of Chinese Internet, it begins as a copycat of ICQ, then gains unbeatable monopoly and formulates the best practices of Chinese apps. Foreign presses always incorrectly compare it with Facebook. Facebook can never grow to the same level of Tencent. Tencent is the fundamental of Chinese Internet, they make the rules, but terribly bad rules.

All smart phones have WeChat as the default messaging app which you can’t uninstall, and WeChat has the highest priority to receive notifications. Because no Google Play in Chinese Android phones, developers can’t deliver notifications reliably and they will never be able to, instead most developers are now developing in WeChat and deliver notifications with WeChat. When do you think Facebook could get this? Impossible.

Almost all ISP and mobile data plan have data discrimination to allow you access all Tencent services for free. And people control smart-home devices with WeChat, people would even be able to control electric cars like Tesla within WeChat. And Tencent is also large share holders of all recent listed tech companies including Pinduoduo (PDD) and Meituan.com, the most important part is most people use those companies’ services directly from WeChat. I don’t believe Facebook can achieve this.

The government not only doesn’t investigate in this level of monopoly, but also allow those discriminations. The result is all developers, including another monopoly Alibaba and ByteDance (company behind TikTok), must all follow the rules of Tencent and see WeChat censor almost everything. Whenever you wanna share a product from Taobao to your friends, you must share some garbled text. And your friends copy the text, open Taobao then the app will analyse your clipboard to show the product to you.

Buy GitHub star

Here is something similar from TikTok “不好意思大家,重发一遍。你们说她是不是早有预谋..? #买鞋 #鞋控;##7qgUljHrt98##抖音”.

China is quickly migrating all things to that Tencent net. Tencent is China.

Best Practice

For a consumer, the best practice to protect your privacy is never using a Chinese app, or a Chinese mobile phone. If you have the need for Chinese apps, buy an iPhone because it has the best privacy protection sandbox. But never ever transfer any data through WeChat or similar things.

For a developer, the best practice to have your app succeed as a good product is never targeting Chinese market, whether consumer or business; the best practice to have your user privacy protected is never using a SDK or cloud services located in China.

Don’t learn from the success of Tencent, just like you should never learn from North Korea.

References List

  1. Hacker News: iOS14 reveals that TikTok may snoop clipboard contents every few keystrokes
  2. Wikipedia: Chinese Great Firewall
  3. WeChat Open Platform
  4. Twitter threads on QQ delete photos
  5. Alipay always try to access the camera without consent

About the Author

Core developer of Mixin Network. Passionate with security and privacy. Strive to formulate elegant code, simple design and friendly machine.

25566 @ Mixin Messenger

https://vec.io