Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday July 07 2020, @07:14PM   Printer-friendly
from the just-a-quick-peek dept.

Reddit and LinkedIn stop copying iPhone clipboards:

Reddit and LinkedIn are changing their apps to prevent them from looking at the Apple iPhone clipboard.

In a developer trial of the latest update to the phone's operating system, iOS 14, users are notified whenever an app accesses the device's copied text.

The notification exposed frequent scanning of the clipboard by apps that many users thought should not need to do so.

The two firms follow TikTok in changing their apps amid the criticism.

[...] In research published in March, Talal Haj Bakry and Tommy Mysk identified dozens of apps which they said had accessed the clipboard.

At the time Apple said it did not think it was a vulnerability.

There are legitimate reasons why an app needs clipboard access - for example, in order to share a website address with a message platform, or to grab a password from a password manager and paste it into a password-protected service.

Related:
Reddit says it's fixing code in its iOS app that copied clipboard contents
Apple iOS 14 Alerts Reveal Reddit App Is Reading User Clipboard Data
Reddit promises to stop accessing user clipboards after being exposed by iOS 14

Previously:
(2020-06-28) TikTok and 53 Other iOS Apps Still Snoop Your Sensitive Clipboard Data
(2020-02-27) Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday July 08 2020, @12:04AM

    by Anonymous Coward on Wednesday July 08 2020, @12:04AM (#1017929)

    Letting someone else run their code on my computer with network access currently requires trust.
    It appears the interpreter is not up to it and the current commercial environment.

    Apple exposed that Reddit, etal. were peeking at things a user would not expect them to.

    Reddit said it was ok because XXX, but we won't do it any more.
    I find that unsatisfying.
    Either they XXX was a good reason for the user and they should keep using it, or XXX was bogus which makes their app a trogan horse.
    That they just backed off without trying to convince users that XXX was good for them leans me towards the later.

    No doubt many others are doing similar things and Redit is not a special case.
    What could my phone do to improve this.
    Publishing who is accessing stuff is good.

    Perhaps the interpreter could keep track of who uses the data from all the neat input a phone can provide.
    Then allow some things to be used temporarily locally, but require user intervention for things to go further.
    It would be a pain for the JS interp to have track access rights for each variable, but CPU cycles don't seem rare?