SoylentNews is people
SoylentNews
Reddit and LinkedIn stop copying iPhone clipboards:
Reddit and LinkedIn are changing their apps to prevent them from looking at the Apple iPhone clipboard.
In a developer trial of the latest update to the phone's operating system, iOS 14, users are notified whenever an app accesses the device's copied text.
The notification exposed frequent scanning of the clipboard by apps that many users thought should not need to do so.
The two firms follow TikTok in changing their apps amid the criticism.
[...] In research published in March, Talal Haj Bakry and Tommy Mysk identified dozens of apps which they said had accessed the clipboard.
At the time Apple said it did not think it was a vulnerability.
There are legitimate reasons why an app needs clipboard access - for example, in order to share a website address with a message platform, or to grab a password from a password manager and paste it into a password-protected service.
Related:
Reddit says it's fixing code in its iOS app that copied clipboard contents
Apple iOS 14 Alerts Reveal Reddit App Is Reading User Clipboard Data
Reddit promises to stop accessing user clipboards after being exposed by iOS 14
Previously:
(2020-06-28) TikTok and 53 Other iOS Apps Still Snoop Your Sensitive Clipboard Data
(2020-02-27) Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data
(Score: 2) by looorg on Wednesday July 08 2020, @12:43AM (2 children)
In the case of the article tho I guess Reddit and Linkedin doesn't agree with your assessment. Clearly caught with their hand in the cookie jar where it didn't belong. It's not about that there are some or none legitimate reasons for it. But at the same time why would you need it? And need it all the time. What does it do with all the information it has access to but wasn't meant for it? Is that just gone or is it stored or send somewhere else? How do you distinguish between this needed and not needed access?
It seems to be a fairly common issue for a lot of apps that they just ask for all the access cause that is just somehow easier. Lets just have clipboard, GPS, camera, microphone, messages, addressbook, maps, settings whatever access there is. Also they seem to fail if they don't get them even tho there should be no reason to have them. I figure it's as was pointed out in the other reply that it's just easier to grab everything then to actually do what you need and just that.
(Score: 2) by Grishnakh on Wednesday July 08 2020, @01:19AM (1 child)
In the case of the article tho I guess Reddit and Linkedin doesn't agree with your assessment.
Even here, I see valid use-cases. For LinkedIn, what if I want to copy-and-paste from my resume to LinkedIn, or copy from a message there to someplace else? LinkedIn is also a messaging platform, remember. Why would I not want to be able to copy messages? What if I want to compose a message in an editor or something? Same goes for Reddit.
It's not about that there are some or none legitimate reasons for it. But at the same time why would you need it?
I believe I've already addressed this. If you don't think copy-and-paste is necessary in today's world, I don't know what to tell you. Windows has had it since the beginning in the 80s, and I'm pretty sure the X Window System has as well. Apple didn't have it on their iPhones (iOS) for a while when those phones were new, and it was easily the #1 complaint because it's such a PITA to not be able to copy-and-paste text from place to place. They finally added it in. I'm pretty sure Android had it all along, though I could be wrong. This feature has been recognized as an essential feature of GUI systems many decades now. I wouldn't be surprised if the Xerox PARC even had it.
And need it all the time.
How exactly do you give access *some* of the time to copy-and-paste functionality? That doesn't even make sense. Either you have access to the clipboard or you don't. It's like this with access to any system service: either the app has it, or it doesn't.
What does it do with all the information it has access to but wasn't meant for it?
I don't know, but what this does make me wonder is: why should any app have access to the clipboard contents unless you specifically press-and-hold and then press "paste"? If this isn't the case, this sounds like a failure in OS design. Maybe the mobile OS vendors need to do a redesign.
It seems to be a fairly common issue for a lot of apps that they just ask for all the access cause that is just somehow easier. Lets just have clipboard, GPS, camera, microphone, messages, addressbook, maps, settings whatever access there is.
Yes, I get that LinkedIn's app doesn't need your GPS location or access to your microphone. But this isn't what we're talking about here; we're talking about the clipboard, and messaging apps. They have a very good reason to use the clipboard.
(Score: 2) by looorg on Wednesday July 08 2020, @02:06PM
It's not about if there are legitimate reasons to have access to the clipboard or not. There clearly are cases when this is useful and needed. But that wasn't the case in the article.
This is the issue. They are scanning the clipboard even when you don't need it or asked for it. Probably as some kind of "feature". A feature they couldn't defend when asked about it, cause it probably made no sense. If you as a user press the button to fetch something from or send something to the clipboard that is just fine. Not the issue here.