Bit I wonder why everyone talking about one specific app?
I see a huge bias towards TikTok in headlines
"iOS 14 caught TikTok and other apps spying on the clipboard" 
"iOS 14 beta shows apps like TikTok still spy on your iPhone" 
There a bunch of apps like VICE, Google News, WSJ that has been caught doing exactly the same. 
I may find the explanation why TikTok did that. In China WeChat blocks direct links to their competitors. So apps like Taobao or Douyin have to find a workaround for deeplinks.
When you want to share the video from Douyin with a friend in WeChat, Douyin generates the following message.
在东京刚毕业入职三个月的职场小白 搬家找房 坚持更新#日本vlog #东京 https://v.douyin.com/J8ceMYY/ 复制此链接，打开【抖音短视频】，直接观看视频！
In WeChat the link is not clickbale. To see the content user has to copy full text and go to the Douyin. The app will read the clipboard and perform the transition to the video. On the link below you can find the video - explanation 
Probably they had re-use some code in TikTok. Definitely they need to be more accurate towards data safety but I don't think they really made a pipeline for spying using clipboard.
There is a lot of buzz around TikTok these days, but I want to get an answer from other apps as well.
In this particular case, I think it's because the person who apparently discovered it claims that other apps "don't collect anywhere near the same amount of data that TikTok does". 
> For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does, and they sure as hell aren't outright trying to hide exactly whats being sent like TikTok is. It's like comparing a cup of water to the ocean - they just don't compare.
> I'm getting a lot of DM's asking me to prove the majority of this with a paper and snippets of the offending code. I have a decent amount of my notes on my other laptop that recently had a motherboard failure and the majority of that data is on the laptop's SSD. It's a macbook pro, so recovering the data isn't exactly super simple. I have some frida scripts that I pushed to my git server as well as some markdown files + conversation logs I've had with exploit devs, but not much else. In order to get everyone the proof they require, I'll likely need to reverse the app all over again which isn't something I have time for right now.
That sounds like "dog ate my homework", but well, sh*t may happens.
> Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
What so special about it?
> Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)
That interesting indeed. I heard some developers did that as well (Uber-Lift case ?) but it really strange that Android enables that.
I'm not an Android dev, but I guess you can retrieve that through PackageManager?
> Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
> Whether or not you're rooted/jailbroken
My bank app does the same as well as plenty of other apps. Again, I mostly iOS guy, so not familiar with Android ecosystem that well.
> They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication
That sucks. Can anyone explain why they do that?
> On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets
Bold statement without any facts, tbh.
I don't wanna play devil's advocate and I don't support CCP or a big fan of TikTok.
I really enjoy reading well-made security research that unveil security valuation in Chinese app. 
But hardly rely on the posts without clear any data reinforcement
> Honestly it is okay to discuss the bar behaviours of an app without blaming other apps.
OP explained the reason for doing so, how can we just discuss the problem without checking the cause?
1) TikTok is one of the most popular apps and was the second most downloaded last year . Come on, they are at the top. That's why we talk about them.
2) TikTok has been caught in a lot of privacy scandals that appear to be more egregious than other apps.
3) There's a deep seated fear, and evidence, that Chinese companies share their data with their government.
It is all three, but mostly #1.
These are the same event, why are you posting two instances of the same event like "TikTok is unfairly being targeted?"
> There a bunch of apps like VICE, Google News, WSJ that has been caught doing exactly the same. 
People are upset about that too. But frankly, VICE and the WSJ don't have as many downloads as TikTok. Even if you combine their total downloads they don't account for a tenth (<1/10th!!!!) of TikTok's downloads. Frankly I don't understand the logic here. Ignore the top dog just because others are doing the same thing? Just because others do it doesn't make it right and of course we should go after the one that's the biggest.
If you're bigger, people pay more attention to you. That's why TikTok is getting "singled out." BECAUSE TIKTOK IS ONE OF THE MOST POPULAR APPS IN THE WORLD! It doesn't matter what other apps do. That doesn't justify bad behavior. Am I the only one whose mom said "If all your friends jumped off a cliff, would you?"
How did the #DeleteFacebook movement impact the companies business? Not that much I believe. The stocks keep rising.
Would be interesting to see what will happen to Bytedance product?
> 3) There's a deep seated fear, and evidence, that Chinese companies share their data with their government.
Can you share the evidence of that please?
Apparently Bytedance cut Domestic Engineers' Data Access to TikTok 
> Can you share the evidence of that please?
Not the parent commenter, but you may find this paper informative/insightful:
"Systematic Government Access to Private-Sector Data in China" (2017) 
Not by any means the only source, just happens to be one I read recently.
I'm going to start by saying "No they don't." They don't _have_ to do anything. They decided to.
> In WeChat the link is not clickable. To see the content user has to copy full text and go to the Douyin. The app will read the clipboard
They could have chosen to give you a place to put links without snooping your clipboard. That was a decision they made.
> I don't think they really made a pipeline for spying using clipboard.
Does the app spy on the user's clipboard? Yes. QED.
> Chinese users have been complaining that WeChat’s practice of blocking certain apps is a huge blow to user experience. But WeChat isn’t the only one doing it. Chinese tech companies constantly add services to their own ecosystems and block services from other companies, leading some tech watchers to say that China’s mobile internet has been split into pieces.
Hope they can fix it one day
Taobao/Douyin/etc could save face today by giving you a place to enter links instead of spying.
Why every app(facebook,twitter,youtube....) of US is banned by China? But China's company can earn money in America?
Why US government allow this happen? They are huge threat to the safe of America!