Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy IOS

LinkedIn Says iOS Clipboard Snooping After Every Key Press is a Bug, Will Fix (zdnet.com) 38

A LinkedIn spokesperson told ZDNet this week that a bug in the company's iOS app was responsible for a seemingly privacy-intrusive behavior spotted by one of its users on Thursday. From a report: The issue was discovered using the new beta version of iOS 14. For iOS 14, set to be officially released in the fall, Apple has added a new privacy feature that shows a quick popup that lets users know when an app has read content from their clipboard. Using this new mechanism, users spotted last week how Chinese mobile app TikTok was reading content from their clipboard at regular short intervals. TikTok said the feature was part of a fraud detection mechanism and that the company never stole the clipboard content, but promised to remove the behavior anyway, to put users' minds at ease. This week, users continued experimenting with this new iOS 14 clipboard access detection system. Yesterday, a developer from the portfolio-building portal Urspace.io discovered a similar mechanism in the LinkedIn iOS app. In a video shared on Twitter, the Urspace developer showed how LinkedIn's app was reading the clipboard content after every user key press, even accessing the shared clipboard feature that allows iOS apps to read content from a user's macOS clipboard.
This discussion has been archived. No new comments can be posted.

LinkedIn Says iOS Clipboard Snooping After Every Key Press is a Bug, Will Fix

Comments Filter:
  • by Pierre Pants ( 6554598 ) on Friday July 03, 2020 @10:06AM (#60258014)
    Anyone who uses their "services" is a god damned idiot. They're among the worst spammers in the world, among the worst scammers in the world, and unsurprisingly, now everyone knows even more clearly how deep they're in the stealing your personal info business. Boycott this freaking horrible company already.
    • Comment removed based on user account deletion
      • Re: (Score:3, Informative)

        LinkedIn doesn't honor any account preferences, they keep spamming you forever, even after you close your account after you made sure to disable every possible thing. They also don't just spam members or former members, they spam people who never were in contact with them in any way. It's one of those companies that can claim you "were in touch with their partners" (their "partners" include most major tech companies) so spamming you is fine because you somehow "consented" (no, you never did). They're litera
      • by Khyber ( 864651 )

        "Linkedin helped me keep in touch with my ex-colleagues which was key to how I landed my last job"

        It's called a rolodex, or as you people with your smartphones call it - a contacts list. Do you not know how to use one?

    • TikTok. Another poisonous application to be added to an ever-longer list of poisonous applications purporting to be "social media". But the population is too lonely to avoid addiction, too weak to delete the apps, and too much in denial to see what's happening to them. By design.

      Remember that thing called television? A President of the United States once included in a televised speech the outcome of a baby's birth to comedianne Lucille Ball, whose marriage to Desi Arnez was being parodied in "I Love Lucy
      • Yes, I remember television. It was obsolete the instant on-demand was invented and that was long overdue.

        • lol, like you think it's substantively different, other than that the product being sold is not a box of Duz but you.
    • Stealing what, exactly? I use LinkedIn for precisely two things:

      * A place to put my resume online
      * A contact list of colleagues I've worked with

      The resume is public information. There's literally nothing to steal. Anyone is welcome to that information, as that's the point of a resume/CV. So there's no privacy issue here. The contact list is valuable to LinkedIn in aggregate, so they have an incentive to keep it private. I don't consider it all that confidential, but they're welcome to monetize that in

    • Comment removed based on user account deletion
  • "A bug", sure. (Score:5, Interesting)

    by ZorinLynx ( 31751 ) on Friday July 03, 2020 @10:10AM (#60258024) Homepage

    You have to deliberately use the API to get the clipboard contents. The code to do so in the app shouldn't exist at all; someone must have put it there. How on earth do they expect anyone with even a little programming experience to believe that's "a bug"?

    No, you got caught with your pants down just like other companies. Fix your shit and own up to it.

    • it's possible that they are using a third-party antifraud sdk and didn't think about disabling this feature. that would be a bug.

      iOS business app development is mostly just gluing libraries together anyway. wouldn't be the first time something like this happened.

    • I have a lot more than "a little" programming experience and I can believe that it is a bug. It could also be them trying to extract private data via your clipboard, but you wouldn't do that after every key press. You would do that whenever the app comes back to the foreground (because that means the user could have been in another app and copied something).

      For example, some input field is restricted to four characters, so I cannot paste more than four characters from the clipboard, so I check after each
      • Agreed. I've been programming for longer than many Slashdot members have been alive, and I could see multiple routes to this bug.
        I've also been actively studying, learning more, the entire time (currently via postgrad courses at Georgia Tech, among other things.)
        Definitely possible for it to be a bug.

        > You would do that whenever the app comes back to the foreground (because that means the user could have been in another app and copied something).

        Well yeah that kinda does prove there is a

  • Again ? (Score:4, Informative)

    by Pascal Sartoretti ( 454385 ) on Friday July 03, 2020 @10:10AM (#60258026)
    Remember this story ? [slashdot.org]

    I deleted the LinkedIn application when it happened, the web version is sufficient and less risky.

    Never trust such a company.
    • I think that's a good idea in general. If a company has an app, but also has a perfectly serviceable mobile web site that does the same thing, avoid the app and just use the web site. I do this for a certain prescription discount company.

  • by Akardam ( 186995 ) on Friday July 03, 2020 @10:11AM (#60258028)

    Maybe you want to give companies that do this the benefit of the doubt. Maybe (and I speak without specific knowledge of developing iOS apps), some library they used had such a feature enabled by default (in which case shame on the library).

    But, we see so much of this these days, I think a lot of folk's "benefit-of-the-doubt" bucket has been drained... and we assume the worst. Because Linkedin is one of those "information" companies, who's core business depends on how much info they have, and/or having more info than The Other Guy, it makes it all the harder to give them the benefit of the doubt.

    Plus, of course, them calling it a bug. Suuuure. In my mind, a bug is something that crashes your program or gives a wrong answer to a calculation... not that does something (and does it correctly) that the program isn't supposed to do.

    I won't be so naive as to say I don't know why every company these days seems to "telemeter" everything, even when they make a paid product. I just wish we hadn't ended up in a world where it was so prevalent.

    Now, to go back to browsing the web on AmigaDOS...

    • Re: (Score:2, Funny)

      by gnasher719 ( 869701 )

      Plus, of course, them calling it a bug. Suuuure. In my mind, a bug is something that crashes your program or gives a wrong answer to a calculation... not that does something (and does it correctly) that the program isn't supposed to do.

      Well, your definition of "bug" is wrong. Something that shows an alert to a user without any need is a bug. Looking at the clipboard was no bug yesterday, but today it is.

    • Don't act so surprised. Everyone in the early 90s knew this was going to be the result of 'everything computers'. It's just that along the way, people have tried over and over to keep up with the mainstream mentality that, 'conspiracy theorists' are just annoying nerds that need tinfoil hats, trying to tell all of the 'sheeple' to wake up.' Remember all that BS? Yeah, it wasn't BS, and still isn't.

      This will get worse and worse, and more and more things that, today, are seen as normal everyday life thing

      • Also, arguing, the way I am now, will land you in jail or worse.

        Probably. Me too, but, at this rate, at least l'll be sharing a cell with actual humans instead of corporate soul suckers.

    • Plausible deniability. That's what separates the idiot crooks who get sentenced to prison the first time they're arrested, from the suave crooks who get the charges dropped every time they're arrested. Any smart company wishing to employ malware-type mechanisms is going to have already thought up a reasonable-sounding answer to, "what do we do if we ever get caught doing this?" They'll have written up a playbook for how they're going to respond if the malware is discovered, before they ever deployed the m
    • Comment removed based on user account deletion
  • Hand in cookie jar is a bug
    • by jmccue ( 834797 )

      If only I had mod points

      oops it is a bug, sorry, will put another bug^H^H^H fix in to correct the problem

      Seems this is happening a lot these days

    • Hand in cookie jar is a bug

      Dick pick in the clipboard is a defense against the bug.

  • by AndyKron ( 937105 ) on Friday July 03, 2020 @10:18AM (#60258056)
    It most certainly was a bug, and a clever one too
  • by Way Smarter Than You ( 6157664 ) on Friday July 03, 2020 @10:50AM (#60258154)

    Headline should have been, "Microsoft caught stealing clipboard contents".

    There is no such thing as "LinkedIn" anymore. It is only a Microsoft brand and trademark now.

  • just to add y business to it BUT wtf is it? It looks like a Google+ with spam promoting shit business and SEO spam posts.

  • You know you're being manipulated when you only change the variable name in your code and you get a different outcome at runtime.

  • "LinkedIn Says iOS Clipboard Snooping After Every Key Press is a Bug"

    Lol, right, a 'bug'. That's fucking adorable. "Whoops, clumsy ol' me!"

  • by account_deleted ( 4530225 ) on Friday July 03, 2020 @05:09PM (#60259136)
    Comment removed based on user account deletion
  • And only v14 beta?

news: gotcha

Working...