Recently, TikTok drew attention due to the way it kept spying on iOS users by snooping Clipboard contents. However, it now seems many other apps, including the reputed one, also exhibit similar behavior. Users have caught LinkedIn and Reddit spying iOS Clipboard contents, following TikTok.
Linked, Reddit Copy iOS Clipboard Content
After the TikTok debacle, iOS users kept observing how Apple iOS 14 notifies of all the apps pasting contents from the Clipboard. And their observations turned out pretty scary. They even caught apps like LinkedIn and Reddit to spy on iOS Clipboard.
At first, a user noticed how LinkedIn spied on iOS Clipboard contents with almost every keystroke.
LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.
I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.
Tik tok just got called out for this exact reason. pic.twitter.com/l6NIT8ixEF
— Don ???? urspace.io (@DonCubed) July 2, 2020
Later, the same user pointed out how the Reddit app also did the same.
UPDATE: Seems like Reddit is capturing the clipboard on each keystroke as well ?
Seeing the notification come up just as much. pic.twitter.com/nzbElmRG2a
— Don ???? urspace.io (@DonCubed) July 2, 2020
With Apple iOS 14, the tech giant has launched a key feature of notifying the user whenever an app accesses Clipboard. Though, it is presently in beta, yet, it seems it’s helping users find out how various apps spy on them.
After the Urspace highlighted the matter, numerous other users also pointed more apps exhibiting similar behavior. Specifically, the users named Microsoft Teams, Google Chrome, and Slack.
I noticed @Outlook doing that as well when up the last copy was from another Microsoft app (@MicrosoftTeams in this case). Every keystroke would show paste from Teams.
— Jamie Craig (@nzewok) July 3, 2020
BTW @googlechrome does the same….
— Lukas Kämmerling (@Lukas_Kae) July 4, 2020
Slack does it too.
— Fabio Venni (@fabiovenni) July 3, 2020
Both Vendors Confirm ‘Fixing’ The ‘Glitch’
Following the tweets, both LinkedIn and Reddit were quick to respond to the matter.
At first, LinkedIn VP Engineering, Consumer Products, Erran Berger, quickly clarified the matter in a response.
Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.
— Erran Berger (@eberger45) July 3, 2020
Besides, LinkedIn quickly worked on developing and releasing a fix for the glitch. Hence, users can now upgrade to the latest LinkedIn iOS app to eliminate this issue.
Likewise, Reddit has also confirmed in their statement to TheVerge, that the incident happened due to a bug. And that the fix will be available on July 14, 2020.
We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL.
We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th.
Let’s wait if we could hear of similar fixes or any denials/clarifications for Microsoft Teams and Google Chrome as well.
Whether intentional or unintentional, it seems many iOS apps exhibit the same behavior. Perhaps, it seems better for all iOS app developers to review their codes and address this issue. Particularly, if they want to avoid naming and shaming that apps like TikTok have faced from the community.
Instead of using sites like TikTok or Reddit, consider using BlogsBunny, a website that takes user privacy seriously.
Let us know your thoughts in the comments.
