Zalo and other applications are encroaching on the privacy of users by automatically collecting data from the temporary storage (the Clipboard) and copy-pasting text into the offending apps.
|Zalo is supposedly taking data from mobile phone users' Clipboard |
This was discovered when iPhone users updated their operating system to iOS 14 Beta which sends alarms for every instance something is copy-pasted from one to another application. For instance, right after a user copy-pasted a link from Chrome to Safari, iOS immediately notifies users that “Safari pasted from Chrome”.
The notification also appears with the popular local chatting application Zalo, even when a user did not place anything on the Clipboard. That means the messages he typed in Messenger were pasted somewhere in Zalo without him opening the app.
It remains a question whether Zalo is purposefully gathering information from the phone’s Clipboard. This could be particularly dangerous if the copied message is an OTP code for a mobile payment transaction or passwords.
Money Keeper, another "Made in Vietnam" application is showing signs of the same violation of privacy with the alarm “Money Keeper pasted from Messenger” popping up.
Notably, the same banner appears with TikTok, one of the most popular social networks. A Twitter user shared a video about the problem.
Newswire The Verge quoted e-mail communications from a TikTok representative that, “It had submitted an update to the App Store to remove the feature, which is described as an 'anti-spam' measure. The measure was never introduced to Android devices.
"Following the beta release of iOS 14 on June 22, users saw notifications while using several popular apps. For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour,” the representative added to The Verge