Apple’s recently-released iOS 14 beta for iPhone might not be final code, but it’s already making waves in the world of mobile apps—and in a way that some app developers probably aren’t very thrilled about.
The developers’ beta for iOS 14 alerts users when an app is reading the data from your iPhone clipboard—which is also shared with your other nearby Apple devices—and it turns out that a large number of very popular apps are reading your clipboard’s content on a regular basis. That content could include all manner of sensitive information, including Bitcoin addresses and other financial data.
It’s not a brand new issue, as researchers at Mysk first detailed the concern back in March before iOS 14 was announced, nor does it mean that every app that triggers the alert is reading your clipboard data maliciously. But it is concerning to users, and the list of apps keeps growing.
Late last week, developer Don Morton discovered that the official Reddit app for iOS is another app that keeps checking your clipboard data, even when you haven’t prompted it to do so. According to the company, a fix is already incoming.
“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” a Reddit spokesperson told The Verge. “We do not store or send the pasteboard contents. We removed this code and are releasing the fix on July 14th.”
LinkedIn was also flagged as an offender late last week, and the company has likewise promised to push out a fix. The company’s vice president of engineering for consumer products, Erran Berger, tweeted Friday, “We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don’t store or transmit the clipboard contents.”
Social video sensation TikTok was the first major app called out for the issue back in March, at which time the company claimed that it would fix the issue. That apparently never happened, because TikTok was again the subject of viral complaints about the problem once the iOS 14 beta was released.
Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.
— Erran Berger (@eberger45) July 3, 2020
A TikTok representative told Ars Technica late last month that the code was used as part of an anti-spam feature, and that the company really would remove it in the near future.
Dozens of other popular apps and games, from The New York Times to PUBG Mobile, were also identified as offending apps back in March, and only some had addressed the issue as of last week. We’ll see whether public pressure and the impending final release of iOS 14 this fall pushes more developers to address such privacy concerns within their apps.