First it was TikTok, then LinkedIn, now Reddit.
Yesterday it was LinkedIn who made the news after being exposed by Apple’s new iOS 14 privacy notification feature. The same developer who saw the LinkedIn app accessing his clipboard data with every keystroke, Don Morton, also posted a video on Twitter showing that the Reddit app exhibits the same troubling behavior.
The new feature in iOS 14, which has not yet been released to the general public, alerts the user when another application accesses the text inside the Apple clipboard. Paste notifications, as they are known, already have a large scalp in the shape of a TikTok, although the viral video app was barely alone.
A total of 53 applications were found to be accessing the clipboard data at startup, but TikTok was diving into the data with every few keystrokes.
TikTok responded quickly, informing the world that it did not receive or store any clipboard data and that the functionality had been disabled in a June 27 app update.
When Morton discovered that LinkedIn was also involved in capturing “every keystroke” of clipboard data, he responded quickly through Erran Berger, vice president of engineering for consumer products. In a tweet, Berger stated that the code path was performing a “equality check” between the clipboard content and that it was typed into a LinkedIn text box.
When I reached out to LinkedIn for an explanation of what it really means, a spokesperson told me in an email that “equality checking is a public reference term, so we have nothing to add.” However, Berger tweeted that a solution would be released to stop the behavior.
A Reddit spokesperson told The Verge that it had tracked the behavior down to the “post composer who checks the URLs on the dashboard and then suggests a post title based on the content of the URL text.” Reddit also said that it does not store or send the dashboard content and that a solution for the app, removing the relevant code, will be released on July 14.
Perhaps surprisingly, it took so long for these privacy-related behaviors to come to light with the beta release of iOS 14. On February 24, two app developers, Talal Haj Bakry and Tommy Mysk explained how the information from Discovered location leaked through system panel “Apple informed us they don’t see a problem with this vulnerability,” the couple said at the time.
One can’t help but wonder which app will get caught diving into the clipboard data below. Maybe now is the time for every app developer to verify they won’t be in the headlines of privacy and technology news tomorrow …
I reached out to Reddit and Apple for more feedback and will update this article if there is anything else to add.
.
