LinkedIn, Reddit, Google News and other apps caught spying on iPhone users' clipboards

LinkedIn, Reddit, Google News and other apps caught spying on iPhone users' clipboards
Last month, we told you that a new feature found in the iOS 14 beta detects when a third party app is spying on your iPhone's clipboard. The latter is the place where data is temporarily stored while being copied from one app to another. Those running the iOS 14 beta preview noticed that they were receiving notifications that apps like TikTok and even AccuWeather were sniffing around an iPhone user's clipboard and could copy things like PIN numbers, social security numbers and more. Some users received this notification every time they typed a punctuation mark or tapped the space bar on their iPhone's QWERTY keyboard.

Besides TikTok, other apps caught red-handed include Reddit and LinkedIn


Last week, Don Morton, a developer using the iOS 14 beta, was seeing a notification that Microsoft's networking app LinkedIn was copying the content of his clipboard after every keystroke. When ZDNet got in touch with LinkedIn, a spokesperson said that this was all part of a bug. LinkedIn engineering VP Erran Berger said, "We don’t store or transmit the clipboard contents." TikTok claimed that it appeared as though it was spying on iPhone clipboard data because of an anti-spam "fraud detection mechanism." The popular short-form video app said that it never copied any content from anyone's iPhone but it removed the mechanism anyway.

Morton made a list of apps that iOS 14 is catching red handed stealing clipboard data. The list includes apps that copied clipboard data after each keystroke and others that copied the data once the app was opened. The former list includes three names: TikTok, LinkedIn, and Reddit. We've already mentioned the responses from TikTok and LinkedIn. Reddit said that it is going to disseminate a software update to eliminate code that caused it to copy content from an iPhone user's clipboard. The software update is expected to be pushed out on July 14th. A Reddit spokesman sent an email to The Verge in which he wrote, "We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL. We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th." Apps that started copying clipboard content once the app was open include: Google News, Patreon, Call of Duty, Fruit Ninja, and Philips Sonicare App.

Some password manager apps will automatically clear your clipboard after a certain period of time has passed. The 1Password app has a feature that when toggled on, will automatically clear any field copied from the app to the clipboard in 90 seconds. Some say that they will ask Apple to make access to the clipboard a permission that users must agree to give to an app
.
In Morton's blog post he wrote that this is a real problem. He said, "This is a problem. However, the real problem and thing that scares me is the fact that ANY app has the ability to access the clipboard without permission. I could easily see "phishing apps" starting to pop up (if they are not already) with the sole intention to scrape as much clipboard data as possible. To me, this is just as bad or even more worrying than the companies that have already been called out for it. For the most part, the companies that have been getting called out have motive to be "good." I’m just starting to think about companies or apps that have no intention of being good."

Once the notifications start appearing for everyone when the final version of iOS 14 drops, we will certainly have a better idea about how widespread this problem is.

Story timeline

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless