As I reported on July 4, the Apple iOS 14 privacy “paste notifications” feature exposed Microsoft-owned LinkedIn accessing clipboard content on every keystroke. The very next day, I followed that story up with another after the Reddit app was also caught up in the clipboard content reading iOS 14 alert revelations.
Now an iPhone user in New York has filed a proposed class-action lawsuit (seen by myself) against LinkedIn in the United States District Court, Northern District of California.
The July 10 filing seeks to “remedy a particularly brazen, indefensible privacy violation,” claiming LinkedIn had programmed iPhone and iPad applications to abuse the clipboard to “read and divert LinkedIn users’ most sensitive data” without consent or knowledge.
The complaint, filed by Adam Bauer, alleges that the LinkedIn app had been “spying on its users” but also the other Apple devices owned by those users. This relates to the Universal Clipboard feature of iOS and macOS devices, which allows the sharing of clipboard data between them.
In the complaint, Bauer said that he wasn’t aware that apps had had access to his clipboard information “without his affirmative consent by means of a paste command.” If he had known, Bauer said, then he “would not have used the LinkedIn app.”
When the iOS 14 paste notifications feature was made available to Apple developers in June, it didn’t take long for the first flurry of privacy concerns to emerge. Initially, these alerts involved some 53 apps that were accessing Apple clipboard data. One of these was TikTok, which updated its app on June 27 to prevent the access.
It was the CEO of career portfolio site Urspace, Don Morton, who first spotted that LinkedIn was not only reading the clipboard but doing so with every keystroke. “I’m on an iPad Pro, and it’s copying from the clipboard of my MacBook Pro,” Morton tweeted.
Erran Berger, LinkedIn’s vice president of engineering for consumer products, said that LinkedIn neither stored nor transmitted the clipboard contents and the process was part of an “equality check” against content typed into a LinkedIn text box and was effectively a bug. The LinkedIn iOS app was updated on July 4, complete with “bug fixes.”
The iOS 14 paste notification alerts were introduced following a report from developers at Mysk. Talal Haj Bakry and Tommy Mysk explained to Apple how they had discovered location information being leaked through the system pasteboard in January.
A LinkedIn spokesperson, Dan Miller, told me that “we are aware and reviewing” the lawsuit.
I have approached Bauer’s legal counsel for comment.