LinkedIn sued over clipboard snooping iOS app activity

Posted:
in iOS
LinkedIn has become the target of a lawsuit over allegations its iOS app reads the Universal Clipboard without informing the user, a claim that suggests LinkedIn is secretly infringing on the privacy of its users.

LinkedIn on iOS
LinkedIn on iOS


Reports in recent weeks generated by a new feature in iOS 14 that alerts users to times a third-party app accesses the clipboard have applied pressure on developers to update their apps. Many caught by the reports have vowed to change their ways, such as TikTok, but the promises weren't enough to prevent an inevitable lawsuit from launching.

In a lawsuit filed by Adam Bauer in a San Francisco federal court, reports Yahoo Finance LinkedIn is accused of actively reading the clipboard data without telling the user it is doing so. While the iOS 14 feature notifies when the clipboard data is pulled by displaying a "pasted from" message, the lawsuit claims the attempts to read the data by the app is being interpreted by the detection function as a pasting attempt.

The suit goes on to reference reports from developers testing out the iOS 14 betas that determined LinkedIn read the clipboard "a lot." It is further suggested that, due to the Universal Clipboard being able to copy data between iPhones, iPads, and Macs used by the user, this means LinkedIn had the opportunity to spy on data sourced from nearby computers, as well as circumventing the Universal Clipboard timeout.

The complaint is also seeking certification for class-action status, based on an alleged violation of laws or social norms in California.

On July 2, an iOS 14 beta user discovered the copying of the data by LinkedIn after every keystroke, which at the time the company attributed to a software bug. The next day, LinkedIn product engineering chief Erran Berger clarified that the bug was in a "code path that only does an equality check between the clipboard contents and the currently typed content in a text box," and that LinkedIn doesn't "store or transmit the clipboard contents."

Clipboard snooping has been found to be carried out by many popular apps across the iOS ecosystem. In June, it was determined 54 out of 56 top apps that were previously found to be reading the contents of a user's clipboard months previously were still conducting the practice.

Comments

  • Reply 1 of 14
    MplsPMplsP Posts: 3,730member
    Ok, so someone is suing LinkedIn because their app reads the clipboard. Have they demonstrated harm? It’s kind of hard to win a civil suit if you can’t demonstrate harm.
    williamlondonllama
  • Reply 2 of 14
    bloggerblogbloggerblog Posts: 2,370member
    Good! I hope they also get sued over fooling users into giving up their contacts. 

    Clipboard content should only be readable when a user hits paste, the burden is on Apple to solve. 
    edited July 2020 Gilliam_BatesBeatsstevenozagilealtitudecaladanian
  • Reply 3 of 14
    lkrupplkrupp Posts: 10,495member
    MplsP said:
    Ok, so someone is suing LinkedIn because their app reads the clipboard. Have they demonstrated harm? It’s kind of hard to win a civil suit if you can’t demonstrate harm.
    So why aren't they suing Apple too for not knowing about it? It's coming, I can almost guarantee it.
    jony0seanismorriswilliamlondon
  • Reply 4 of 14
    BeatsBeats Posts: 3,073member
    Owned by Microsoft.
    caladanianwilliamlondonwatto_cobra
  • Reply 5 of 14
    LinkedIn should be sued for letting people think they can find a job using them. It’s a glorified Facebook.
    jony0williamlondonllamawatto_cobra
  • Reply 6 of 14
    mld53amld53a Posts: 21member
    MplsP said:
    Ok, so someone is suing LinkedIn because their app reads the clipboard. Have they demonstrated harm? It’s kind of hard to win a civil suit if you can’t demonstrate harm.
    That’s the purpose of the lawsuit. The Discovery process should reveal what they are doing with that data. 

    Here is some text from the actual complaint. Pretty egregious to me. 


    The system clipboard often contains some of the most sensitive data users routinely and temporarily store on their devices. Indeed, users store information, such as photos, text messages, e-mails, cryptographic keys, or even medical records, in their device clipboards to name a few examples. And LinkedIn was surreptitiously reading it—again and again and again—without any user-triggered paste commands, and without even notifying the user. LinkedIn’s conduct, which continued for potentially years before Apple’s iOS 14 beta laid bare its existence, was particularly egregious for users with more than one Apple device.

     

    A feature on Apple iOS and MacOS devices called the Universal Clipboard allows nearby devices to share clipboard information. Thus, a photo “copied” on a Mac computer is instantly transferred to a nearby iPhone’s clipboard—but it only remains available to a user on that device for 120 seconds for security reasons.

     

    Yet the LinkedIn App doesn’t just cut the user out of the clipboard equation—it circumvents the 120 second timeout on Apple’s Universal Clipboard. Specifically, the LinkedIn App repeatedly reads the Universal Clipboard with every user keystroke, and these 'reads' are interpreted by Apple’s Universal Clipboard as a 'paste' command, which takes the temporary information in the Universal Clipboard and removes the 120 second timeout. Simply put, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple’s Universal Clipboard timeout policy in doing so.

    edited July 2020 cy_starkmanstevenozcaladanianwilliamlondonronnFileMakerFellerwatto_cobra
  • Reply 7 of 14
    wonkothesanewonkothesane Posts: 1,648member
    It all b ok so down to what „read“ means. If I open the fridge it doesn’t mean I look inside, or analyze it’s content. If, however, intake out the last sausage without asking then that’s a big Nono (at least to some in our household) 
    williamlondon
  • Reply 8 of 14
    ivanhivanh Posts: 597member
    I want field level access security. Unnecessary access to unrelated fields in a file by an app or other apps is totally unacceptable to me.

    The data structure of all apps should be controllable by the user, not the developer.
    caladanianronn
  • Reply 9 of 14
    Rayz2016Rayz2016 Posts: 6,957member
    And yet people are quite happy to let Google read their emails. 🤷🏾‍♂️
    caladanianwilliamlondondjames4242FileMakerFellerwatto_cobra
  • Reply 10 of 14
    seanismorrisseanismorris Posts: 1,624member
    Rayz2016 said:
    And yet people are quite happy to let Google read their emails. 🤷🏾‍♂️
    That’s an oversimplification.  But, users agree to the terms and conditions with regards to targeted ads.

    This is completely different.  Included in the lawsuit should be Apple.  They new about this and ignored it for a long time...  I’d like to hear their reasoning in front of a judge.
    williamlondon
  • Reply 11 of 14
    djames4242djames4242 Posts: 649member
    Rayz2016 said:
    And yet people are quite happy to let Google read their emails. 🤷🏾‍♂️
    That’s an oversimplification.  But, users agree to the terms and conditions with regaerds to targeted ads.

    This is completely different.  Included in the lawsuit should be Apple.  They new about this and ignored it for a long time...  I’d like to hear their reasoning in front of a judge.
    I think the point here is the user hypocrisy, not that of the companies. People who use free webmail have little room to complain about privacy. A friend of mine refuses to use Facebook because he doesn’t want them having any of his personal data, yet he uses gmail. I feel more comfortable controlling what Facebook sees than using an email provider that combs all of my emails for targeted advertising.
    watto_cobra
  • Reply 12 of 14
    gatorguygatorguy Posts: 23,573member
    Rayz2016 said:
    And yet people are quite happy to let Google read their emails. ߤ簟ᆭzwj;♂️
    That’s an oversimplification.  But, users agree to the terms and conditions with regaerds to targeted ads.

    This is completely different.  Included in the lawsuit should be Apple.  They new about this and ignored it for a long time...  I’d like to hear their reasoning in front of a judge.
    I think the point here is the user hypocrisy, not that of the companies. People who use free webmail have little room to complain about privacy. A friend of mine refuses to use Facebook because he doesn’t want them having any of his personal data, yet he uses gmail. I feel more comfortable controlling what Facebook sees than using an email provider that combs all of my emails for targeted advertising.
    Of note as many seem to be unaware, Google does not "read" your Gmail, paid or free versions, for targeted advertising. That was discontinued in 2017.

    But my very old email account with Earthlink absolutely does as do many other free email services, and in the case of that Earthlink email, even paid it does so. 
    edited July 2020 ronn
  • Reply 13 of 14
    This is completely different.  Included in the lawsuit should be Apple.  They new about this and ignored it for a long time...  I’d like to hear their reasoning in front of a judge.
    That's rather a stretch from what I've seen so far, but I'm happy to be better informed. Apple may have had some evidence that the clipboard was being abused by some of the apps in the App Store thus leading to the new feature in iOS 14 to alert users when the clipboard was being accessed, but (a) that is yet to be proven and (b) if true, Apple's actions to strengthen the platform seem a reasonable approach delivered in a reasonable timeframe.
    djames4242watto_cobra
  • Reply 14 of 14
    djames4242djames4242 Posts: 649member
    gatorguy said:

    Of note as many seem to be unaware, Google does not "read" your Gmail, paid or free versions, for targeted advertising. That was discontinued in 2017.
    That’s good to know. As you said, I was unaware. Makes me wonder why companies offer free webmail then if not to monetize somehow. I’ll lay off my friend about it now 🙂
Sign In or Register to comment.