Social networking company LinkedIn was hit with a class-action complaint alleging that it engaged in “a particularly brazen, indefensible privacy violation” by reading data from Apple users' clipboards.
“Until abruptly exposed by Apple and independent developers, LinkedIn had programmed its iPhone and iPad applications to abuse Apple’s Universal Clipboard to brazenly read and divert LinkedIn users’ most sensitive data -- including sensitive data from other Apple devices -- without their consent or knowledge,” New York resident Adam Bauer alleges in a class-action complaint filed Friday in U.S. District Court for the Northern District of California.
The allegations appear to stem from a report earlier this month by developer Don Morton, who tweeted that Microsoft's LinkedIn was copying the clipboards on his iPad and MacBook.
"LinkedIn is copying the contents of my clipboard every keystroke' he wrote. “I'm on an IPad Pro and it's copying from the clipboard of my MacBook Pro.”
Apple's newest operating system, iOS14, which is now available to developers, alerts users when their clipboards are accessed and copied by apps. Device clipboards temporarily store material that users cut and paste -- which can include emails, passwords and photos.
“Users do not, and reasonably should not, expect that electronic communications -- including the substance of e-mails, messages, photos, and other communications -- will be autonomously read by any apps residing on nearby Apple devices, nor do they expect that the contents of nearby Apple devices’ clipboards will be read by apps on their local device without an affirmative paste command by the user,” Bauer's complaint alleges.
LinkedIn Vice President of Engineering for Consumer Products Erran Berger said earlier this month that the company does not store or transmit the clipboard material.
“We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box,” Berger tweeted in response to Morton's report. "We don't store or transmit the clipboard contents.”
Two days later, Berger said on Twitter that LinkedIn had removed the code in the newest version of its iOS app.
The lawsuit claims LinkedIn is violating the federal wiretap law, as well as various California privacy laws.
A LinkedIn spokesperson said the company is still reviewing the complaint.