In a Tweet today, a user pointed out a privacy security issue on many of the essential apps used on iOS devices including LinkedIn app. The tweet was followed by many other person who also noted same problem on apps like Google News, Tik tok and more. Already, LinkedIn has promised to fixed the security issue which they called a bug as highlighted in the tweet. LinkedIn to stop repeatedly copying iOS clipboard
Behind the scenes of this Apps, it keeps watch of every single keystroke you type on your keyboard. That might not be much of a problem just yet, but think of the kind of data you type on your phone daily, it could be your Debit Card Details, Passwords, Private Chat, Token, etc. Now, how do you feel knowing that some App is watching all of these information you type on your phone without first requesting your permission to access these data.
Lucky enough for everyone, the said Apps that have been identified to carry out this undesirable feature are managed by the good guys and can be trusted, but what if a tool like this falls into the hands of the bad guys? if not already, think of what will happen and who knows how many apps out there already has the ability to keep watch of every single keystroke you type on your keyboard.
What do these apps use such data for? that’s a question you probably be asking right now and here is an answer: The app copies clipboard contents in order to perform an “equality check” between what a user is typing and what’s in their clipboard, according to LinkedIn engineering VP Erran Berger. And why is this equality check necessary? Sorry but Berger did not mention why this check was necessary. Nevertheless, we are also made to understand that the information collected from our clipboard is not transmitted or stored somewhere in the cloud. “We don’t store or transmit the clipboard contents,” Berger wrote on Twitter.
We can not tell for how long this equality check has been going on but thanks to a new privacy feature in iOS 14 beta that is meant for developers, The operating system now notifies users when an app copies something from another app or device. This has led to people spotting questionable behavior from apps that appear to copy clipboard contents with every keystroke.
With the help of the new iOS 14 feature, a user was able to monitor a LinkedIn App copying contents from other app and accessing the clipboard information. The user called out on Linkedin in a tweet on Twitter and here is what LinkedIn has to say:
Appreciate you raising this. We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don’t store or transmit the clipboard contents.
An example of this is in a library we have open sourced, and you can find the fix here. We will follow up once the fix is live in our app.
Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.— Erran Berger (@eberger45) July 3, 2020
As already mentioned above, TikTok was also discovered to have been copying users clipboard information, which they describe as an Anti-spam feature when called out last week. The app similarly appeared to be repeatedly grabbing clipboard contents as a user typed, leading to concern that it was spying on data from other apps. TikTok said the behavior was part of an “anti-spam” feature and that it would discontinue the practice.
LinkedInn calls it “Equality Check”, Tiktok calls it Anti-spam. Lets wait to hear what other companies are going to name it.
Twitter users don’t seem to be pleased with the explanation from these two companies, here is what Twitter users have to say.
What a lame response. When caught, start with apology. Say that you are sorry. Ask for forgiveness and promises to be better. Then explain how comes that you use the clipboard (everyone knows it is a very sensitive area, and you were caught using it without care).— Yoram Snir (@mysnir) July 3, 2020
Why does the linkedin app need to know if the text box matches the clipboard?— Commandork (@stevelord) July 3, 2020
Also your link to the commit appears to be wrong, I think the right one is: https://t.co/LUcjTJWApK
“Code path does an equality check between clipboard contents and the currently typed content”.— Gokul V (@rgokul) July 3, 2020
Would you please write in detail about it? May be, you can use Microsoft Blog or something for this.