Yesterday, LinkedIn made the news after being exposed by Apple’s iOS 14 new feature for privacy notification. The same developer who discovered the LinkedIn app with access to their clipboard data with each keystroke, Don Morton, has also posted a video on Twitter showing the Reddit app with the same worrying behavior.
The new feature in iOS 14, which has not yet been released to the public, alerts the user when another app accesses text in Apple’s clipboard. Stickers, as they are known, have already received a major scalp in the form of TikTok, although the viral video app was hardly alone.
A total of 53 apps were found to have access to the clipboard information at startup, but TikTok dipped into the tasks with a few keystrokes.
TikTok responded quickly and told the world that it did not receive or store any clipboard data and functionality had been disabled in an app update on June 27.
When Morton found LinkedIn also involved in “every keystroke” of clipboard data, it responded quickly through Erran Berger, vice president of technology for consumer products. In a tweet, Berger pointed out that the code path performed an “equality check” between the clipboard content and entered into a LinkedIn box.
When I contacted LinkedIn to get an explanation of what it actually means, a spokesman told me in an email that “equality control is a publicly referenced term, so we have nothing to add.” However, Berger tweeted that a fix would go live that stops the behavior.
A Reddit spokesman told The Verge that it had traced the behavior down to “the post composer looking for URLs on the carton and then proposing a post title based on the text content of the URL.” Reddit also said that it does not store or send the contents of the board and a fix to the app, and deleting the relevant code, will be released on July 14.
It is perhaps surprising that it has taken so long for these privacy-restricted behaviors to come up with the beta of iOS 14. Back on February 24, two app developers, Talal Haj Bakry and Tommy Mysk, explained how they had discovered location information that leaked through the system’s whiteboard. “Apple informed us that they see no problem with this vulnerability,” the pair said at the time.
One can’t help but wonder which app will be captured and dipped in the clipboard data next? Maybe it’s time for every app developer to make sure they won’t do the news headlines for privacy and technology tomorrow …
I have reached out to both Reddit and Apple for further comments and will update this article if there is anything more to add.