LinkedIn Sued After iPhone App Found Reading Clipboard Data on iOS 14

It was discovered earlier this month that the LinkedIn app was silently reading clipboard data thanks to Apple’s name and shame approach in iOS 14. A company executive was quick to point it out as a bug in its app, but that has not stopped an iPhone user in New York from filing a lawsuit against it.

Adam Bauer has filed a lawsuit against LinkedIn in the San Francisco federal court for reading clipboard data of iPhone users without informing them about it. The company has not responded to the lawsuit yet.

“LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing” Apple’s clipboard timeout, which removes the information after 120 seconds, according to the suit.

LinkedIn is just one of the many apps that were found to be silently reading clipboard data of iPhone users. Other popular apps include TikTok, Reddit’s official client, and more. All of these apps have been updated or will soon be updated to remove clipboard snooping. It was actually reported back in February itself that a number of iOS apps were silently reading clipboard data. This included TikTok which promised to fix the issue but never got around to doing so.

iOS 14 will notify users whenever an app reads clipboard data via a banner notification. After the first beta of iOS 14 was released, it was discovered that apps like TikTok, LinkedIn, and others were reading the clipboard data after every keystroke. Reddit, in its case, confirmed that it was doing this for the post suggestion feature in its app and confirmed that it did not send or share the clipboard data with its servers.

Our Take

It is quite common for iPhone users to copy the password or login credentials from a password manager and then paste it into an app. In other cases, the clipboard can contain other sensitive content as well which is why apps silently reading its data is a major privacy risk.

As for the claim in the lawsuit that LinkedIn has been spying on nearby computers and devices, it is completely baseless. The app uses Bluetooth LE to find LinkedIn users nearby and it takes the required permission for this as well.

[Via Bloomberg]