Reddit and Linkedin apps also caught copying and pasting clipboard contents

Posted on Jul 3, 2020 by Caleb Chen

linkedin and reddit caught snooping on clipboard contents

Linkedin and Reddit both check your clipboard and copy and paste your clipboard contents with every keystroke – even when you’re in another app. Another set of potential privacy violators have been called out by iOS 14’s new paste notifications. The discovery was publicized on Twitter by Don Cubed of urspace.io, who noted that his discovery was very similar to the experience of Jeremy Burge who called out Tik Tok for the same behavior early this week.

Paste notifications show which apps are snooping on your clipboard

While this malicious app behavior has only been confirmed by users on iOS, it is reasonable to assume that the same thing is happening on Android. It’s also a likely reasonable assumption that Google will release a similar privacy functionality update as paste notifications soon. This is the evolution of granular app permissions and app-permission-use notifications that are finally sweeping the smartphone world as users wake up to the fact that apps often have and use way more permissions than they need if allowed to at time of install. It seems more general users are finally garnering the outrage over privacy violations on the phone.

Smartphone users are finally waking up to the potential privacy violations from installed mobile apps

Another example – which abused access to GPS location instead of the clipboard – is the Tim Hortons app. Now, Tim Hortons is facing a class action lawsuit on top of an investigation by privacy commissioners in Canada.

On Linkedin’s part, they have responded to Don Cubed and stated that they will be making a fix for this behavior. A spokesperson for Linkedin told Cubed that the copy and pasted information from users’ clipboard is only used for an “equality check,” implying that it isn’t stored and analyzed for other nefarious purposes.

When a user uses an app and sees that an app has “pasted from another device,” it is a scary time, though. It’s completely reasonable to assume the worst – especially given the offending company’s past anti-privacy actions. Users shouldn’t have to give companies the benefit of the doubt – the extent to which mobile apps use permissions granted by the user need to be properly disclosed and there shouldn’t be these murky avenues for abuse.

VPN Service

Comments are closed.

1 Comments

  1. Jeff

    Pretty sure the researcher who found this said it only happens IF the app is open and in view on the user’s device, not if they are actively in another app. Anyway, this is Apple’s fault. They promised sandboxing and then let this happen without giving users control.

    3 months ago