There is no way for the system to verify that a user performed a cut, copy, or paste command because user interface events are handled by the application.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
LinkedIn Says iOS App Reading Clipboard With Every Keystroke is a Bug, Fix Coming
- Thread starter MacRumors
- Start date
- Sort by reaction score
Items going into the clipboard (copy / cut) could be tagged with type, origin and reason codes, if the OS were so inclined. Every user-initiated cut or copy could be flagged so that it is only accessible via a user-initiated paste command. It would require re-working the way the clipboard works.
Let‘s say, for example, the following happens.
I open 1Password and copy some sensitive information to the clipboard. The clipboard entry is tagged something like type:text; origin:1Password; reason:UXCopy. The clipboard content would be generally inaccessible to other apps, but it’s presence known.
Then open another app. The Paste option would be available because there is known text in the clipboard. The OS would not let an app get at the content, however, unless driven by a user-initiated Paste command.
Or something similar.
LinkedIn and Tiktok are lucky that users find out this early so that they still have excuses. Feel sad for apps that is revealed after all excuses run out
This comes from the old days where there wasn’t So much data gathering. Every single operating system has a clipboard API.
Facebook Messenger and Firefox Focus are two more apps that read the clipboard every couple seconds. I doubt Mozilla has a nefarious intent, so I do buy the LinkedIn bug excuse a little more willingly than I did when I deleted Messenger a couple days ago.
Now to just get all my friends on Signal...
Now to just get all my friends on Signal...
so glad linkedin cleared that up.
why is it that social media get caught doing all kinds of questionable things? why does their entire business plan revolve around theft and violation of privacy? sticking their fingers in data they should not have. each time they get caught, it's a bug. the worst that ever happens to them, thanks to our lawmakers who've been asleep at the wheel for decades, is a "slap on the wrist" fine, and life goes on.
i care about privacy and you should too. the day is not far when we will be denied an opportunity because of our social credit score, regardless of whether there was any merit to the algorithm that generated it.
why is it that social media get caught doing all kinds of questionable things? why does their entire business plan revolve around theft and violation of privacy? sticking their fingers in data they should not have. each time they get caught, it's a bug. the worst that ever happens to them, thanks to our lawmakers who've been asleep at the wheel for decades, is a "slap on the wrist" fine, and life goes on.
i care about privacy and you should too. the day is not far when we will be denied an opportunity because of our social credit score, regardless of whether there was any merit to the algorithm that generated it.
I’m glad it’s never apps I use that get caught out like this. Probably because they’re usually abhorrent in many other ways (or owned by Google or Facebook) so when things like this come it’s hardly a surprise.
Kudos to Apple for adding this permission requirement.
Kudos to Apple for adding this permission requirement.
clipboard copy/paste needs to be restricted to a user doing it manually.
the convenience of some apps reading clipboard is not worth the massive privacy implications of unrestricted reading.
the convenience of some apps reading clipboard is not worth the massive privacy implications of unrestricted reading.
So why is it that folks seem to want to celebrate finding evil in everything when the more likely answer is sloppy programming and inheriting the class that watches the clipboard. Inheriting complex classes is fast way to get programs running, but also rapidly introduces unintended behaviors because the programmer does not invest the time to understand and control all the possible behaviors because it is slow an tedious process. All to often the programmers hope that testing will reveal unintended behavior, which it really does because who tests for what they do not expect. So all these bug discoveries are mostly not discovering evil, but discovering the human nature feature of laziness, sloppy programming, and shortcuts.
This is disgusting.
I'm appalled at the whole "reading your clipboard" by any app.
I do however have one question for Apple over this.
Why did Apple ever approve this or any app which does this in the 1st place?
I'm appalled at the whole "reading your clipboard" by any app.
I do however have one question for Apple over this.
Why did Apple ever approve this or any app which does this in the 1st place?
This is why I have started removing apps and revert to their websites again. I just don’t trust apps anymore. Let them run in a browser.
Pretty much. It’s a badly designed API imo so Apple have some responsibility in this.
It’s as simple as this: https://www.hackingwithswift.com/ex...copy-text-to-the-clipboard-using-uipasteboard
Absolutely so.
So shameful that corporations push you to use their app for no good reason..... well, no good for the user.
They are all very sorry, but only when they get caught, then the excuses start ... it’s a bug! , it’s for your own security! It’s just an anti spam feature! It’s...blah blah blah.
I wonder what else these apps steal from your device.
Is that the type of code you write?
I just deleted the LinkedIn app from my phone.
Reading the clipboard is one thing, but I want to believe an app that reads it and then sends it somewhere would not get through Apple’s QA process.
Either way, good to be warned about this stuff, and clipboard access should be a permission setting same as photo access and contacts access (unless explicitly pasted. y the user).
Either way, good to be warned about this stuff, and clipboard access should be a permission setting same as photo access and contacts access (unless explicitly pasted. y the user).
I have always been leary of the clipboard on ANY device. I have a habit of copying random things to the clipboard after I copy and paste anything sensitive. Yes. I know it’s after the fact, but I think it’s better than sensitive stuff hanging around in the clipboard for longer than it has to.
I also never thought that any programs would copy after every keystroke. Naive thinking on my part.
I also have a Siri shortcut clear the clipboard when it’s run. I’ve been using that since I first found it. Again, it’s after the potential damage is done... but it works for apps that haven’t launched yet (I hope).
Last edited:
Wow. The plot thickens. After all these years, they just discover this "bug" when caught red handed.
iOS 14 introduces a feature that alerts users when apps access their clipboards, and tons of apps have been caught clipboard snooping.
LinkedIn is one of the iOS apps that has been reading user clipboards, and iPhone owners have complained that the app copies the contents of the clipboard with every keystroke.
In a statement to ZDNet, LinkedIn said that the clipboard copying behavior is a bug and is not intended behavior. A VP at LinkedIn also said that the contents of the clipboard are not stored or transmitted. A fix for the issue is in the works, and should be available soon.
Other apps like TikTok, Twitter, Starbucks, Overstock, AccuWeather, and more have been caught reading user clipboards for no discernible reason. TikTok claimed that the clipboard access was used as fraud detection to suss out "repetitive, spammy behavior," and TikTok released an iOS update to remove it.
Ahead of the release of iOS 14, a pair of developers released a report letting users know that iPhone and iPad apps were accessing clipboard content behind the scenes. Apple's new iOS 14 feature appears to have been added in response, and there's no longer a way for apps to quietly read the clipboard without users being alerted to the behavior.
Article Link: LinkedIn Says iOS App Reading Clipboard With Every Keystroke is a Bug, Fix Coming
Really disconcerting with these apps (and wonder what's going on on Android side). Can't wait for this feature to become standard and expected on a smartphone, just like location permissions and such, so Android can have the same feature.
[automerge]1593860957[/automerge]
Highly educated individuals != a techie with knowledge/concerns about security/privacy.
Plenty of highly educated individuals fall into phishing scams and such.
[automerge]1593861122[/automerge]
I would just be glad that Apple introduced this gate with iOS14.
I'm sure it's not that Apple "allowed" those apps. Clipboard scanning can be a useful feature for certain uses, and Apple probably expected devs to not abuse it. But maybe they realized otherwise, so voila, iOS14. Since iOS14 covers phones as old as the 6s, this is definitely a good thing.
Shady. Corporations and people will generally do what they can get away with. Now that they're caught they deny their shady behavior and they will stop doing it because they can no longer get away with it. What I don't get is why iOS 14 is only providing notifications instead of asking permission first to have my clipboard copied? While it's a huge step forward to know about this, I would prefer to be asked *before* it happens.
I'm seriously thinking about switching back to iOS right now
Seeing all the dirty stuff happening behind the scene beside Apple's effort to protect privacy ... I can't even imagine how terrible it is on Android
I need to seriously think about it
Seeing all the dirty stuff happening behind the scene beside Apple's effort to protect privacy ... I can't even imagine how terrible it is on Android
I need to seriously think about it
As the Grumpy Old Geeks would say, this is a feature not a bug.
Until you get caught that is... then its a bug!
Until you get caught that is... then its a bug!
Many apps are accessing the clipboard. TikTok for some reason was accessing my wallet on my iPhone.
"Free app" is code for "thanks for your data, suckaz!"
It's one of the reasons you won't find a Google app on my phone. I collaborated with Google in a past life and they're way creepier than you could imagine. After a meeting with them, I removed everything Google and all social apps, save Messages. That was 2013.
Personally, I am LOVING the potential of this level of transparency and accountability and welcome any efforts toward more secure measures. With so much intimate, personal data stored on these devices (health, bank, location, etc.), privacy is paramount. And I’m 1000% behind the no back doors stance Apple continues to push.
Keep. That. Going!
It's one of the reasons you won't find a Google app on my phone. I collaborated with Google in a past life and they're way creepier than you could imagine. After a meeting with them, I removed everything Google and all social apps, save Messages. That was 2013.
Personally, I am LOVING the potential of this level of transparency and accountability and welcome any efforts toward more secure measures. With so much intimate, personal data stored on these devices (health, bank, location, etc.), privacy is paramount. And I’m 1000% behind the no back doors stance Apple continues to push.
Keep. That. Going!