TikTok Enhances Security Measures to Protect User Privacy

TikTok is dedicated to creating a safe and private experience for our community. As part of our commitment to accountability, our Chief Information Security Officer, Roland Cloutier, has discussed our ongoing review of our security infrastructure and practices. We have decided to eliminate all clipboard access that is not explicitly requested by the user, including blocking SDKs that go beyond industry norms. This is to ensure that our users have greater peace of mind.

During a recent review, we discovered that certain third-party SDKs, such as Facebook's SDK, were attempting to access our users' clipboards. To address this, we have sent an update to the App Store to block this kind of SDK access.

Let me explain how we collaborate with third-party app developers. Many apps work with various developers to enable users to create great content and reach larger audiences. For example, developers like Adobe or Lightricks may launch a photo template or video editing app. We partner with these trusted developers so that users can easily share content created on third-party apps to TikTok.

When a user wants to share content from a third-party app, it is crucial that we authenticate the app. This helps protect our platform and community from malicious actors. In the past, we used UIPasteboard in iOS to copy authentication credentials to TikTok. These credentials included the third-party app's bundle ID, client key and secret, and a unique ID provided by the third-party developer to attribute the shared content. We have now removed the code that enabled this process. Moving forward, we will authenticate developers through a URL schema. We have already informed existing third-party developers about this change, and they are working on their end to ensure a smooth transition.

In the meantime, users may experience difficulty sharing videos or photos to TikTok until the third-party developer updates to TikTokOpenSDK 4.0.0. We understand that this may require extra work for developers, and we appreciate their commitment to protecting the privacy of the TikTok community.

TikTok also collaborates with third-party developers to allow users to share TikTok videos on social channels like Instagram or Snapchat. Some third-party apps access a device's clipboard through an API to enable this feature. With the new update, TikTok will only allow a third-party app to access a user's clipboard when the user explicitly initiates an action, such as sharing to Snapchat or Instagram Stories. We are working towards creating a better experience that brings joy to the TikTok community while safeguarding sensitive data and information. As Roland mentioned, security is an ongoing task, and we are determined to build an experience that respects and protects our community. We are grateful to our partners for their continuous support in helping us achieve excellence.