LinkedIn, owned by Microsoft, has been sued for secretly snooping on user’s clipboard data, including the clipboard information that is synced between Apple devices. LinkedIn app was caught accessing clipboard data without any user permission thanks to a new iOS 14 feature which notifies the user when an app accesses any content that is copied or pasted from another app.
The lawsuit has been filed in a federal court in San Francisco by a New York resident, Adam Bauer. The lawsuit attempts to be classified as a class action lawsuit based on the violation of laws in California. The complaint notes that LinkedIn has been secretly snooping on user data not only from iPhones, but also other user devices such as iPad and Macs.
LinkedIn had earlier responded to this issue and claimed innocence that this was happening due to a bug in the framework in use by the company. A new version of the app is to be released soon to fix this issue. However, the issue is not just that the app access data once, it access it repeatedly, all the time. This means that the app has read any password, credit card number or other sensitive information that users have copied to their clipboard.
For its part, LinkedIn is not new to privacy and security flaws. Check out our previous coverage:
- LinkedIn’s Data Problem: AutoFill Plugin Allowed User Data to Be Stolen by Third-Party Websites
- Hackers are Using Stolen LinkedIn Data to Spread Banking Malware via Phishing Emails
- 117 Million Hacked LinkedIn Accounts Adverised for Sale on the Dark Web
Apart from LinkedIn, TikTok, Reuters, Google News, AliExpress, and many other popular apps have been caught snooping on clipboard data without permission via iOS 14. Many of the developers have responded and promised software updates to fix the ‘bugs’ but one can imagine that if these companies were not caught, the issue would have continued undetected.
Now that Apple has exposed apps that are snooping on user data without permission, the company should add a new permission setting in iOS and iPadOS so that apps have to request permission when they first want to access clipboard information. The permission could be permanent or temporary, similar to how it handles locations and Photos access. While Apple is at it, it should even add similar permissions to macOS. Considering how much clipboard data is synced between Macs, iPhones, and iPads, there might be macOS apps that silently read clipboard data without getting caught.
