Apple habitually promises more security and privacy than its rivals, in exchange for quite a bit more money and a much more wall-gardened app ecosystem.
However, when app developers Talal Haj Bakry and Tommy Mysk warned back in February that many apps were leaking information via data in the system's clipboard, Apple told them they didn't see an issue with this vulnerability.
But there's been a change of heart in the meantime, with the iOS version, now in beta and due to be released in the fall, introducing a new feature, "paste notifications," that lets the user know when apps access content in their clipboards.
And now developers who are testing the next version of the mobile OS are flushing out one app after another for accessing this data for no apparent reason, and apparently, without permission.
The first was China's mega-successful viral app TikTok, followed by Microsoft's LinkedIn, and finally, Reddit made it to the list as well.
Reddit said it had traced the way this was happening in its code and would be releasing a fix on July 14.
Most apps appeared to be accessing the clipboard only once on startup, while TikTok was accused of doing this "with every few keystrokes". But it now looks like this was true of all three.
However, they are merely among the 53 apps discovered to engage in this behavior.
TikTok claimed not to store any of the data the app was able to access, and that this "feature" was stopped with a fix rolled out on June 27.
Apple is yet to comment on any of this. Could this widespread ability of apps to gain access to data in the clipboard have something to do with the infrastructure of its OS, and is providing a notification alert all, and the best, they can do?
For now, in order to avoid bad press, apps themselves are scrambling to remove their ability to access this data.
LinkedIn, who like TikTok also "captures every keystroke," has offered a convoluted explanation: "The code path was performing an 'equality check' between the clipboard content and that typed into a LinkedIn text box."
Asked what this actually means, a spokesperson said, "Equality check is a publicly referenced term – so we don't have anything to add." This snottiness aside, LinkedIn, too, promised a fix.