Tech

LinkedIn Sued After Being Caught Harvesting Users’ Clipboards on iOS 14

By Novak Bozovic / July 11, 2020

Last week, TechNadu reported on LinkedIn being caught accessing users' clipboards on iOS 14. This Microsoft-owned company was among 50+ whose apps were reading everything iOS users would copy and paste on their devices. However, this situation has taken a rather unexpected turn, as LinkedIn is now being taken to court.

One of the most prominent features of iOS 14 is the all-new privacy transparency tools. Apple has finally decided to let users know how individual apps are handling their private data. Even before you download an app from the iOS App Store, you'll see an overview of what data you'll need to provide. However, when you copy and before you paste something on your iPhone or iPad, Apple's operating system will warn you if a third-party app is accessing that information via a banner at the top of the screen.

As soon as the first developer preview of iOS 14 appeared, apps like TikTok, LinkedIn, Starbucks, Overstock, AccuWeather, Pigment, and plenty more have been caught harvesting private information. As could have been expected, many of those have already issued software updates to resolve this problem, saying that this was a bug, or a system designed to prevent "spammy" behavior. The same happened with the LinkedIn iOS app – as the latest update has made the app stop reading users' clipboards.

The lawsuit against LinkedIn was filed in San Francisco federal court by Adam Bauer. According to the complaint, the LinkedIn app used Apple's Universal Clipboard to read and harvest the data – and not just from a single device. Instead, this mechanism was designed to work across multiple Apple devices. That's because Apple's Universal Clipboard uses iCloud to help you copy something on one device, and then paste that data (such as text, images, and more) onto another device.

As the lawsuit explains, LinkedIn has found a way to circumvent Apple's clipboard timeout, set to 120 seconds by default. This means that LinkedIn has somehow managed to track its users around-the-clock and harvest very private information, including emails and medical records.

Allow us to remind you that Erran Berger, head of engineering at LinkedIn, acknowledged this issue via a tweet, saying that the company has tracked the problem to a code path that performs an "equality check" between contents of the clipboards. Berger also noted that LinkedIn has never transmitted this information as well as that the app's behavior was simply a bug.

The lawsuit seeks to certify the complaint as class-action based on alleged violations of the law or social norms, under California laws. All we can do right now is wait and see if the court will accept the user's appeal against LinkedIn. If that doesn't happen, we're unlikely to learn the true extent of LinkedIn's treatment of your private data.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: