Friday, July 3, 2020

LinkedIn iOS Clipboard Snooping

Don (via Hacker News):

LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.

I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.

Erran Berger (VP of Engineering):

Appreciate you raising this. We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don’t store or transmit the clipboard contents.

fingerlocks:

It’s an innocuous comparison of text input to the pasteboard to prevent unwanted autocorrect insertions.

It doesn’t seem like iOS 14’s new pasteboard sniffing API would handle this case.

Previously:

Update (2020-07-06): John Gruber:

Even if you really did want to make an app that steals people’s clipboard contents, there’s absolutely no reason you’d check the clipboard contents this frequently. It’s just sloppy programming. But once revealed, a sloppy implementation like LinkedIn’s looks sketchy as hell.

Update (2020-07-27): Hartley Charlton:

Microsoft’s LinkedIn was sued yesterday for allegedly reading and diverting users’ private information using the iOS clipboard.

1 Comment RSS · Twitter


Lily Ballard

The described usage here is really problematic. They’re doing this because they consider a change inserting multiple characters to be an autocorrection. But that’s a bad assumption. An autocorrection could be a single character, and a manually-typed input could be multiple (“character” here is a UTF-16 code unit), such as typing chinese. The pasteboard comes in because it assumes any change that matches the pasteboard must be a paste.

But the real wtf is why they’re doing this at all instead of just disabling autocorrection on the text field.

Leave a Comment