More apps quietly reading iOS clipboard data

Jul 5, 2020 06:23 GMT  ·  By

iOS 14 includes new warnings when apps access clipboard data, and by the looks of things, this is something that way too many apps have been doing for God knows how long.

But the release of the very first iOS 14 beta is highlighting a major problem on Apple’s operating system, as apps that don’t need clipboard access still use it without any clear reason.

And the worse thing is that clipboard data can include anything from standard text to sensitive information like passwords and other details.

The latest apps discovered to be accessing iOS clipboard data are Microsoft-owned LinkedIn and reddit. In both cases, iOS 14 issued warnings when users launched the apps, but also while using them.

Updates to fix the whole thing already on their way

In the case of LinkedIn, the clipboard data is read with every keystroke, which means that the app has interrupted access to everything that’s in the clipboard.

Reddit claims it needs storage access to check for URLs that have previously been copied by the user in order to be posted on the site. The company guarantees that no clipboard data is stored or sent elsewhere but a fix to remove this behavior is already on its way and due to be released on July 14.

LinkedIn too has released a fix, and Erran Berger, LinkedIn’s vice president of engineering, explained on Twitter that users’ data stored in the clipboard wasn’t stored on the company’s servers.

“We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents,” he said.

These aren’t the two high-profile iOS apps that have silently accessed the clipboard. A more comprehensive list is available here, and there’s a chance other apps are doing the same thing, only that they haven’t been caught just yet.