iOS 14 Reveals LinkedIn, Reddit Apps Also Copying Clipboard
Apple’s upcoming iOS 14 has found two more apps that controversially mimic the content of a user’s clipboard – the professional networking platform and job search website LinkedIn, and the popular online forum Reddit.
The beta release of iOS 14 includes a new security feature that alerts users when reading the app’s iPhone clipboard, where potentially sensitive data such as passwords can be stored. The feature has exposed a number of apps that have been to blame for such practices, including TickTalk, even though the video-sharing platform was caught months ago and promised it would shut down after being caught with a security issue.
Don Morton, co-founder of website builder Urspace, found LinkedIn’s evidence copied continuously to the clipboard of his MacBook Pro while he was on his iPad Pro.
Hi @DonCubed. Appreciate it as you grow. We discovered this on a code path that only examines the similarity between clipboard content and the content currently typed in the text box. We do not store or broadcast clipboard content.
& Mdash; Eran Berger (@ eberger45) July 3, 2020
LinkedIn’s vice president of engineering, consumer products, Erran Berger, quickly responded to Morton’s discovery. In a quick change, Apple’s App Store released an updated version of the platform’s iOS app.
Update: We have released a new version of our app on the iOS App Store which removes this code.
& Mdash; Erran Berger (@ eberger45) July 4, 2020
Morton found the same issue with Reddit, capturing the clipboard with each keystroke.
UPDATE: Looks like Reddit capturing clipboard on every keystroke ????
On seeing the notification came pic.twitter.com/nzbElmRG2a
& Mdash; Don ???????????????? urspace.io (@DonCubed) July 2, 2020
Reddit has also reacted to Morton’s post in a statement, claiming that the app does not store or send clipboard content as of July 14.
A spokesperson for Reddit wrote in an email to The Verge, “We tracked a codepath in Post Composer, which checks the URL in the pasteboard and then suggests the post title based on the URL’s text content.”
In a blog post, Morton wrote that the real problem was that any app has the ability to access the iPhone’s clipboard without permission from the device owner. He suggested that Apple and Google require apps to ask users for permission before viewing their clipboard, and Digital Trends has reached out to additional comments on the matter.