Link Previews: How a Simple Feature Can Have Privacy and Security Risks

By Talal Haj Bakry and Tommy Mysk If you enjoyed this work, you can support us by checking out our apps: Ctrl – The best presentation companion for your Apple Watch Canvas – Draw Together, Wirelessly! tl;dr Link previews in chat apps can cause serious privacy problems if not done properly. We found several cases of apps […]

TikTok Vulnerability Enables Hackers to Show Users Fake Videos

By Talal Haj Bakry and Tommy Mysk UPDATE (MAY 5, 2020): TikTok rolled updates for iOS and Android in May that fixed this vulnerability. If you enjoyed this work, you can support us by checking out our apps: Ctrl – The best presentation companion for your Apple Watch Canvas – Draw Together, Wirelessly! Videos Video manipulation of […]

Popular iPhone and iPad Apps Snooping on the Pasteboard

By Talal Haj Bakry and Tommy Mysk UPDATE (AUGUST 16, 2020): More apps crossed out * UPDATE (JUNE 30, 2020): The list of apps in the original report from March 2020 is NOT an exhaustive list. We examined a sample of popular apps, and listed the ones that exhibited the behavior of excessive clipboard access. Many apps have […]

Precise Location Information Leaking Through System Pasteboard

By Talal Haj Bakry and Tommy Mysk UPDATE (JUNE 22, 2020): Apple addressed this vulnerability in iOS 14 and iPadOS 14 by showing a notification every time an app reads the clipboard. Disclaimer: We submitted this article and source code to Apple on January 2, 2020. After analyzing the submission, Apple informed us that they don’t […]