Sueball locked, loaded and pointed at LinkedIn over iOS privacy naughtiness
Microsoft’s social-media-for-suits tentacle, LinkedIn, has attracted legal fire for allegedly peering at the clipboard of iOS devices.
A putative class-action lawsuit [PDF], filed on Friday by Adam Bauer in the US District Court for Northern California, has claimed that LinkedIn’s iPhone and iPad apps peered at Apple’s Universal Clipboard, which can also briefly contain data from nearby Mac devices.
As well as doubtless making the podcast app a bit worse (as it seems to do with every release), the upcoming version of Apple’s mobile OS also features a bunch of privacy features, including a notification telling the user when an app is reading from the device’s clipboard.
Those brave enough to take the beta of iOS 14 out for a spin now receive notifications when the clipboard is accessed and have found that some apps – allegedly including LinkedIn’s – have been reading from the clipboard without the user triggering a paste command.
The clipboard could contain all manner of private information (the lawsuit suggested cryptographic keys or medical data) as users hop from app to app “and LinkedIn was surreptitiously reading it – again and again and again – without any user-triggered paste commands, and without even notifying the user.”
The suit from New York-based Bauer claimed the alleged behaviour violated federal and state law. The legal eagles are looking for class-action status thanks to the millions of users potentially affected.
LinkedIn has tried to head things off before the filing. Its VP of engineering, Erran Berger, insisted that the app didn’t store or transmit the clipboard contents, and the code merely did “an equality check between the clipboard contents and the currently typed content in a text box.”
Berger went on to tell worried users that the company had submitted a new version of its app that removed the offending code.
Of the lawsuit, LinkedIn spokesperson Dan Miller told The Register: “We are aware and reviewing.”
Regardless of whether Bauer’s action proceeds or achieves class-action status, the arrival of iOS’s additional privacy notifications will give developers pause for thought when it comes to what their apps (or the components upon which their apps depend) are doing.
A careless bit of code looking at things it shouldn’t without a nod from the user could attract the unwanted – and expensive – attention of the legal system. ®
READ MORE HERE