LinkedIn says its extra intense clipboard snooping in iOS is a bug

LinkedIn’s iOS app has taken the ongoing issue of snooping at users’ clipboards to whole, new level. The company has already said it’s a mistake that will be fixed.

The issue of iOS apps monitoring copy-paste data has been a subject of concern since March, when a pair of software developers published their research. Tommy Mysk and Talal Haj Bakry discovered that a large number of existing apps (at the time) checked out users’ clipboard data every time those apps were opened.

This is alarming when you really sit down and think back on all the times you’ve copy-pasted sensitive data, such as a sign-in credentials from your password locker or a credit card number that you don’t feel like typing in again. If you haven’t done that, great. But plenty of people have. And you probably don’t want strangers peeping at your clipboard data regardless.

The snooping issue reared up again in recent weeks with the beta release of iOS 14. Apple’s next major operating system update for iPhone includes a new feature that lets people look at how their data is being accessed, something that’s been described as the privacy equivalent of “nutrition labels.”

As people started playing with the beta, some discovered that a number of major apps, like TikTok, are still doing some form of clipboard snooping. On Thursday, one Twitter user, Don Morton, demonstrated how LinkedIn’s snooping is among the most invasive examples, with the app copying what’s in the clipboard with every keystroke.

LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.

I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.

Tik tok just got called out for this exact reason.

— Don 𝘧𝘳𝘰𝘮 (@DonCubed) July 2, 2020

Morton also discovered that Reddit’s app is doing the same thing. (A fix is in the making for that as well.)

UPDATE: Seems like Reddit is capturing the clipboard on each keystroke as well 😕

Seeing the notification come up just as much.

— Don 𝘧𝘳𝘰𝘮 (@DonCubed) July 2, 2020

Morton went and wrote at greater length about the real issue with this snooping in a Substack post. While these companies ought to fix their apps, he wrote, the bigger issue is that such data is accessible to developers in the first place.

“I could easily see ‘phishing apps’ starting to pop up (if they are not already) with the sole intention to scrape as much clipboard data as possible. To me, this is just as bad or even more worrying than the companies that have already been called out for it. For the most part, the companies that have been getting called out have motive to be ‘good’. I’m just starting to think about companies or apps that have no intention of being good,” Morton wrote.

The Substack post also includes a list of major apps that are still doing the snooping (and any company response, when there is one). He also recommends checking to see if your password manager has a feature that wipes clipboard data after a short amount of time.

LinkedIn exec Erran Berger responded to Morton’s tweet with a technical explanation of what’s happening here, adding that “we don’t store or transmit the clipboard contents.” A company spokesperson later confirmed to ZDNet that the issue is a bug, and work is already underway on a fix.


Related posts