iOS 14’s new privacy feature has been snitching on a lot of snooping apps in recent days, raising concerns from users and hopefully inspiring the companies behind the apps to do something about it. The latest apps caught snitching were LinkedIn and Reddit, although the companies want to assure users that they’re fixing it.
The lack of applause breaks during this year's Worldwide Developers Conference keynote meant updates to Apple's new operating systems whizzed past us at a carpal tunnel-inducing speed. It also meant that Apple zipped through the huge changes coming to iOS 14. Specifically, we were left wondering: Wait, what the fuck...Read more
LinkedIn users reported the snitching on social media, which consists of the LinkedIn app copying the contents of users’ clipboards with every keystroke. iOS 14, which is still in beta, notifies users when this happens with a banner alert. Apparently, iOS 14 found that the LinkedIn app was copying clipboard contents for seemingly no reason from multiple devices.
LinkedIn was able to copy clipboard information from multiple devices because iOS has a Universal Clipboard, according to 9to5Mac, which allows Apple users to seamlessly copy text, images, and photos on one Apple device and then paste the content on another Apple device.
LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.
I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.
Tik tok just got called out for this exact reason. pic.twitter.com/l6NIT8ixEF
— don (@m0nald) July 2, 2020
A LinkedIn spokesperson told ZDNET that this was due to a bug in the company’s iOS app and not intended behaviour. Erran Berger, LinkedIn’s vice president of engineering, addressed the problem directly on Twitter.
“We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box,” Berger said. “We don’t store or transmit the clipboard contents.”
On Friday, Berger said that LinkedIn would fix the bug. On Saturday, he followed up and said that LinkedIn had released a new version of its app in the App Store without the code.
Reddit’s snooping was also reported by users using the iOS 14 beta and shared on social media. A Reddit spokesperson told the Verge that it does not store or send the content, adding that it was releasing a fix today.
“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” the Reddit spokesperson said. “We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th.”
LinkedIn and Reddit aren’t the only apps that have been caught copying clipboard contents. Researchers Talal Haj Bakry and Tommy Mysk have published a list of more than privacy role model.
According to Bakry and Mysk, TikTok has stopped doing this in a new update.
There are some pretty well-known apps on the list ” which classifies apps into the categories news, games, social networking, and other ” including CNBC, Fox News, the New York Times, Accuweather, Bed, Bath & Beyond, Overstock, and the Weather Network, among many others.
As noted by Lifehacker, although finding out that these apps are accessing your clipboard can be concerning, there are legitimate reasons for some of them to do this. For instance, the Chrome search app looks for URLs, while the UPS app searches for tracking numbers.
Legitimate uses aside, it is definitely concerning when random apps that are not performing clear and useful services like those cited above access your clipboard for no reason. What are these apps doing with the information they copy? Why do weather apps need to copy my clipboard info?
Let’s hope that all these new eyes on the issue help companies and app developers realise that snooping unnecessarily is not cool.