Reddit and LinkedIn will fix clipboard snooping in their iOS apps
Both characterize the behavior as a design flaw.
The clipboard privacy feature in iOS 14 is prompting more major developers to tone down their apps’ nosy behavior. To start, Reddit told The Verge in a statement that it would fix code in its iOS app that copies clipboard data with virtually every keystroke, as Urspace.io co-founder Don Morton discovered. There’s a “codepath” in the post composing tool that checks for web links in the clipboard and suggests titles based on that link, Reddit said. It stressed that it “do[es] not store or send” clipboard data, and expected the fix to arrive on July 14th.
As ZDNet reported, this came shortly after LinkedIn VP Erran Berger promised a fix for a similar flaw in its iOS client that Morton also found. In this case, it stems from an “equality check” between the clipboard and what you’ve typed into a text box. Berger didn’t say when users could expect a fix, but he vowed a follow-up once the solution was available in the LinkedIn app.
While this clipboard snooping from Reddit and LinkedIn appears to be non-malicious, as has been the case with numerous other apps, it still suggests that iOS 14’s clipboard alerts are useful. At the least, it could reassure users by prompting developers to only gather clipboard info when necessary. It might also provide a security benefit by reducing the opportunities for intruders to grab sensitive information, especially from apps that share the clipboard with your nearby Apple devices.
UPDATE: Seems like Reddit is capturing the clipboard on each keystroke as well 😕
Seeing the notification come up just as much. pic.twitter.com/nzbElmRG2a
— Don 𝘧𝘳𝘰𝘮 urspace.io (@DonCubed) July 2, 2020
Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.
— Erran Berger (@eberger45) July 3, 2020