Apple’s upcoming iOS 14 has found two more apps that controversially copy the contents of the user’s clipboard – professional networking platform and job search website LinkedIn, and popular online forum Reddit.
The beta release of iOS 14 includes a new security feature that alerts users when an app is reading the iPhone’s clipboard, where potentially sensitive data such as passwords may be stored. The feature has exposed several apps that are guilty of such practices, including TikTok, even after the video-sharing platform was caught months ago and promised then that it would stop after being caught with the security issue.
Don Morton, co-founder of website builder Urspace, found evidence of LinkedIn continuously copying the contents of his MacBook Pro’s clipboard while he was on his iPad Pro.
Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.
— Erran Berger (@eberger45) July 3, 2020
LinkedIn’s vice president of engineering, consumer products, Erran Berger, quickly responded to Morton’s discovery. In a quick turnaround, an updated version of the platform’s iOS app was released to Apple’s App Store.
Update: we have released a new version of our app to the iOS App Store that removes this code.
— Erran Berger (@eberger45) July 4, 2020
Morton found the same issue with Reddit, with the clipboard being captured with each keystroke.
UPDATE: Seems like Reddit is capturing the clipboard on each keystroke as well ????
Seeing the notification come up just as much. pic.twitter.com/nzbElmRG2a
— Don ???????????????? urspace.io (@DonCubed) July 2, 2020
Reddit has also responded to Morton’s post in a statement, claiming that the app does not store or send the clipboard contents, with a fix to be released on July 14.
“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” a spokesperson for Reddit wrote in an email to The Verge.
In a blog post, Morton wrote that the real problem was that any app has the ability to access the iPhone’s clipboard without asking permission from the device’s owner. He suggested that Apple and Google require apps to ask permission from users first before looking into their clipboards, and Digital Trends has reached out for additional comments on the matter.