LinkedIn Caught Copying Data from iOS Clipboard

Posted on July 6, 2020 by Paul Thurrott in iOS, Microsoft with 24 Comments

Microsoft’s LinkedIn has been called out for repeatedly copying data from the iOS clipboard. The firm says it was a bug, and not malicious behavior.

“LinkedIn is copying the contents of my clipboard [with] every keystroke,” a Twitter user tweeted late last week. “iOS 14 allows users to see each paste notification.”

That same user notes that several other apps are likewise copying data from the iOS clipboard, including AccuWeather, AliExpress, Call of Duty Mobile, Google News, Overstock, Patreon, and TikTok.

LinkedIn says the behavior is just a bug and that it will fix it in an app update.

“We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box,” Microsoft’s Erran Berger tweeted in response to the earlier tweet. “We don’t store or transmit the clipboard contents.”


28 responses to “LinkedIn Caught Copying Data from iOS Clipboard”

  1. SvenJ

    "only does an equality check between the clipboard contents and the currently typed content". Amazing how code that does a specific function accidentally got in there. That is stretching the definition of bug. But, since so many companies seem to have been affected by this 'bug', must be true.

    BTW, I can see wanting to compare contents of the clipboard with what is in the text box, or at least what is highlighted, but only if I have explicitly copied text to the clipboard, not every time I type a letter. An app has no business reading from the clipboard unless I invoked 'paste'.

  2. jimchamplin

    Sure are a lot of apps suffering from the very same incredibly specific bug lately.

    • Paul Thurrott

      I literally mentioned all those companies in the post. "Several other apps are likewise copying data from the iOS clipboard, including AccuWeather, AliExpress, Call of Duty Mobile, Google News, Overstock, Patreon, and TikTok."
  3. markbyrn

    So Apple with its self-proclaimed emphasis on privacy has waited until iOS 14 (still in beta) to advise customers that apps are surreptitiously copying the clipboard. I think Mr. Cook needs to re-prioritize his work-day.

    • pdhemsley

      In reply to markbyrn:

      Which other operating systems provide this visibility to users?

      • longhorn

        In reply to pdhemsley:

        On Android 10 and later only if LinkedIn has focus can it access the clipboard. So if you copy and paste between two different apps, LinkedIn can't access that data.


        Clipboard permission should be per app, there is no excuse for this recklessness on a supposedly modern platform. That this bug is possible shows a weakness in iOS and to some extent in Android too.


        It's a bit embarrassing for Apple actually, just like those SMS messages that manage to crash iOS. The last incident is from April 23rd this year reported by 9to5mac.


  4. aelaan

    Oddly enough it points to iOS 14, which is in early beta. Maybe the finger is pointing in the wrong direction and this is not a LinkedIn issue but the app and iOS?

    • jimchamplin

      In reply to aelaan:

      Actually, it's iOS 14 working as designed. This has been a security/privacy loophole for a while. Apple is just closing it. Sure, there are some valid reasons to read the clipboard, but to do so with the frequency that these apps that are being discovered is not sensible. Some of them are hitting it multiple times a second. And none of the ones that have been caught have legitimate reasons to be doing so.

  5. anoldamigauser

    Probably a bad line of sample code that got copied over and over again. It would certainly not be the first time something like that has happened.

  6. iantrem

    Given its widespread "use", is this going to be down to a JavaScript plug-in or other 3rd party component?


    I can't believe all the websites mentioned would use this deliberately in the same way.

  7. winner

    A week or two ago, Paul wrote an article about Microsoft complaining about Apple's anti-competitive practices. At the time, I mentioned that it was a bit of karma that Microsoft was complaining about Apple, given Microsoft's history.


    Paul suggested that I "get over it", as that Microsoft behavior was "millions of years ago".


    Yet it was only 5 years ago or so that Microsoft changed the default behavior of a dialog box that caused my 80-year-old mother's computer to upgrade to Windows 10. And now they've been caught stealing clipboard information on LinkedIn.


    Sorry, I don't think Microsoft has really cleaned up their act. I stand behind my beliefs about their inherent nature.

    • Paul Thurrott

      In reply to Winner:

      Dear God.


      Yes, do get over it. This is a different company. And this LinkedIn thing is just a bug. My God, all the bad things going on in tech and this is what you cling to?


      Come on.

      • ontariopundit

        In reply to paul-thurrott:


        We don't need to look to 20 years ago to find Microsoft's unrepentant nature when it comes to their anti-competitive behavior.


        Consider Windows 10 S: "you can only have only ONE browser, and only ONE default search engine, and you can't replace either".


        Ostensibly this was to 'protect' users by having full control over the browser rendering engine. This wasn't to protect users by controlling the rendering engine, this was to give a mediocre search engine extra eyeballs, and (ab)use a market monopoly to give a failed browser a new shot at life.


        At the time Windows 10 S came into the world, many in the Windows fanboi community pointed with glee at Apple's iOS as proof that criticism of Microsoft wasn't fair.


        No, criticism of Microsoft as continuing to show its anti-competitive streak 20 years later was and still is fair. Bill Gates, the architect of the worst anti-trust atrocities, is now gone from day-to-day operations, but the desire to abuse a monopoly lives on.


        Windows 10 S went much farther than iOS ever did. Sure, it is only recently that Apple has begun allowing a different default browser--which, AFAIK, is still not permitted under Windows 10 S [mode]--but Apple has always given users the option to change the default search engine, including to the deservedly maligned and mocked Bing!


        We still do not have Firefox, Chrome or Opera in the Windows Store. Windows Store effectively bars those browsers from the Windows Store through its TOS. Umm. Monopoly abuse?!?!

        • Paul Thurrott

          What a horrible world you think you live in. The scourge that is S mode! The oppression! You need a monopoly to abuse a monopoly. S mode was installed on only a tiny percentage of computers and you can switch to full Windows 10 at any time for free. But let's take your argument at face value, after we peel back the incendiary language. You compared it to iOS. Where you can't switch to a version of the OS that isn't locked down for free or for any fee. That is the only choice on that platform. That is literally a monopoly that is now under investigation on at least two continents for this kind of abuse. Unlike Microsoft. And you think that is somehow on par with ... S mode? Wow. Look, Microsoft isn't perfect, it's a corporation. But it's also not the company you think it is. And your take on this topic isn't just wrong and wrong-headed, it's a waste of all of our time.
      • rfog

        In reply to paul-thurrott:


        A bug that a code specifically uses the clipboard paste functionality on each typing? Come on you.

      • BruceR

        In reply to paul-thurrott:

        Why "caught copying data" in the headline if it's just a bug?

      • winner

        In reply to paul-thurrott:

        I'm fine disagreeing with you, and still appreciate your work. But on this one, I disagree with your opinion.


        Paul, in a recent "What the Tech" you mentioned that Microsoft doesn't finish things (such as UI improvements/changes) and they've always been that way. So for that topic they're the "same company", but for my argument, somehow they're a "different company". I don't see the consistency. They have a long track record of anti-consumer behavior.

        • Paul Thurrott

          No, they don't. That's ridiculous. Using your broad definition of the term, every company is "anti-competitive". Of course they are: They don't want competition so they can dominate their respective markets. That's literally the goal. The issue isn't being anti-competitive. It's behaving illegally. And anti-competitive becomes illegal when you literally have a monopoly or are in some way dominating a sizable market. Apple does this. Google does. Amazon does. And Facebook does. Microsoft does not. When I speak generally of Microsoft on a podcast, I am speaking specifically about the only parts of Microsoft I care about or cover. And as to inconsistencies, yes, I see that across their end-user UX in Windows and Office, for sure. I have no opinions about whether this exists in Azure or whatever, both because I just do not care and have never even considered it. It's probably consistent, to be fair, since it's easy to update one web UI. Anyway, Microsoft's anti-competitive behavior was a problem when it monopolized personal computing. Not the market for PCs specifically, but personal computing generally. Today, they are a minor player. And if they wish to gain some advantage in Windows or whatever, God love them. It may bother us, and it does, but it's not illegal. And for F's sake, I write about not liking this stuff all the time. That doesn't make them illegal and it doesn't make Microsoft anti-competitive. These ideas are so basic I'm surprised I need to spell them out.
  8. sentinel6671

    I want to believe this is just another example of rushing a product and allowing sloppy code, which is the norm today. But the list of other apps makes it difficult. Quietly slurping data from end users is clearly too lucrative to ever not try, despite the outcry whenever someone is caught doing it. I expect better from Microsoft, but at the end of the day all the companies talk out of both sides of their mouth about privacy, so I'm not shocked.

  9. txag

    The explanation makes no sense to me.

  10. illuminated

    Reddit app is/was doing the same. I would think that this could be some common or unintentional practice. Pretty strange but sometimes the weirdest things end up in the apps.
