SecureMac, Inc.

Is the Clubhouse iOS app safe to use?

March 24, 2021

Is the Clubhouse iOS app safe? We’ll talk about what Clubhouse is, the app’s security and privacy issues, and how to use it more safely.

Is the Clubhouse iOS app safe to use?

Clubhouse is a new social media app that’s getting very popular with iPhone users. It’s fun and it’s trendy — but is the Clubhouse iOS app safe?

As with any new technology, it’s worth taking a moment to look at the security and privacy implications before you jump in. In this short article, we’ll look at what Clubhouse is and how it works, the security and privacy issues surrounding the app, and how to use it more safely.

What is Clubhouse?

Clubhouse is a social media app. It facilitates “drop-in” audio conversations that can accommodate up to 5000 people. The chat-rooms can be either public or private. As long as you have permission from a chat-room’s organizer, you can listen in or participate. 

The app has already seen some pretty high-profile users, including Elon Musk and Bill Gates. It has also shown promise as a forum for free speech in countries where government censorship is the norm. For example, several figures from Thailand’s pro-democracy movement have used the app to hold discussions that the government would swiftly shut down on other platforms. This latter use of Clubhouse is probably why China has now banned the app!

How do I sign up for Clubhouse?

Clubhouse is less than a year old — it only launched in April 2020 — and it’s still in beta testing. While anyone can download the free Clubhouse iOS app, you can only create an active account by invitation. For that, you’ll need to get an existing Clubhouse user to invite you to the network, or join the app’s waiting list and wait for it to open up to the wider public. At the moment, Clubhouse is only available through the App Store (there is no official Android version of the app yet).

Is the Clubhouse iOS app safe?

Clubhouse is an interesting idea, and it’s creating a lot of buzz. But as we saw last year, even a major platform like Zoom (which had already been around for years) struggled with security and privacy when it received a huge influx of first-time users. 

Clubhouse is new, relatively untested, and growing fast. People are eager to join, and if you get a Clubhouse invite, it’s only natural that you’ll want to see what all the fuss is about. But before installing or using the app, take a moment consider the security and privacy issues. Here are four things to think about when deciding if the Clubhouse iOS app is safe enough for you to use:

  1. Clubhouse has had security flaws

    Clubhouse is very much under development, and as you might expect, the software developers are still working out the bugs. The problem is, some of those bugs carry security risks. Researchers at the Stanford Internet Observatory discovered that Clubhouse user and chat-room IDs were being sent to servers unencrypted — considered a poor security practice for any app. In addition, the Clubhouse API contained a flaw that was allowing third parties to “scrape” in-app audio and broadcast it via alternative platforms: something that definitely wasn’t supposed to be happening. None of this should be considered an indictment of Clubhouse, but it’s important to realize that the app is still in its early days. As with other startups and beta apps, Clubhouse is going to have bugs and flaws, and some of those can impact user security and privacy.

  2. Clubhouse has a loose privacy policy

    If you look at the Clubhouse iOS app’s privacy practices in the App Store, you’ll immediately notice that it appears to collect a lot of user data: contact information and contacts, usage data and user content, identifiers, and other types of data. Clubhouse also records audio from private chat-rooms, though they say they only retain it temporarily, and in encrypted form. According to the developers, this audio is only accessed if there is an incident report, otherwise it is deleted. The app developers’ full privacy policy spells out how they use personal data, which includes sharing with third parties or with future business partners if the app is ever acquired by a larger company. In short, Clubhouse should concern privacy-conscious users. It has already attracted the attention of European Union privacy watchdogs. A German consumer protection organization is threatening legal action against the app, and France’s data privacy agency has just opened a probe into Clubhouse’s privacy practices.

  3. Clubhouse has infrastructure in China

    Clubhouse uses backend infrastructure owned by Agora, a Shanghai-based tech company. The fact that Agora has a connection to China isn’t an automatic concern: A company is obviously not the same as its local government. But companies are subject to local laws, and China happens to have some very strict surveillance laws. Such laws can force companies to hand over user data to the authorities during a criminal or national security investigation. Agora has access to user data, and likely to raw audio as well. While it’s unlikely that raw audio data is directly processed on servers in mainland China, the company’s proximity to Beijing has been cited as a privacy concern by some observers. Incidentally, this is the same basic reason that the FBI has warned against using FaceApp, whose developers are based in Russia, a country with similarly heavy-handed laws.

  4. Clubhouse has weak moderation

    This last point is perhaps unsurprising for a semi-anonymous social media chat-room, but there have been numerous incidents of abusive behavior and derogatory language on Clubhouse. The app’s terms of service explicitly prohibit hate speech, harassment, and abuse, of course. But as pretty much every major social media platform knows, actually enforcing your terms of service is the tricky part. Clubhouse has introduced moderation features, and is trying to remove harmful members, but there’s definitely a sense that the platform is still something of a Wild West when it comes to content moderation.

How to use the Clubhouse iOS app safely

So what if you get an invite, and, after weighing the risks, you deem the Clubhouse iOS app “safe enough” to start participating? Here are a few tips to help you maximize your security and privacy while using the app:

  • Realize that Clubhouse has had security issues, and act accordingly. Don’t assume that you’re truly anonymous, or that the things you say in a private chat-room will be kept private. And always keep in mind that you’re being recorded!

  • Since Clubhouse is still working out the bugs, make sure you’re set up to get the latest security patches for the app. Go to Settings > App Store and make sure the App Updates switch is toggled On.

  • Be aware that as of right now, you don’t have to give Clubhouse access to your contacts list when you join. It’s just that you won’t be able to invite others to the network if you don’t. If that’s OK with you, consider denying the app access to your contacts when you first sign up.

  • Watch out for cross-platform tracking. The Clubhouse privacy policy states: “When you create your account, and/or authenticate with a third-party service like Twitter, we may collect … information associated with that third-party account, such as your lists of friends or followers”. So basically, if you don’t want Clubhouse seeing who you’re connected to on other social platforms, you probably shouldn’t link the app to any of them. If you want a safe, privacy-friendly login option, use Sign in with Apple.

  • Remember that Clubhouse moderation is not all that robust. If you want to avoid sensitive or offensive content, it might be best to avoid using the app until they can make it safer for all users. Needless to say, kids shouldn’t be using this app — it’s intended for adults only, so if your tween has somehow managed to score an invite, you may want to have a word!

Get the latest security news and deals