Social networking company LinkedIn was hit with a class-action
complaint alleging that it engaged in “a particularly brazen, indefensible privacy violation” by reading data from Apple users' clipboards.
“Until abruptly exposed by Apple
and independent developers, LinkedIn had programmed its iPhone and iPad applications to abuse Apple’s Universal Clipboard to brazenly read and divert LinkedIn users’ most sensitive data --
including sensitive data from other Apple devices -- without their consent or knowledge,” New York resident Adam Bauer alleges in a class-action complaint filed Friday in U.S. District Court for
the Northern District of California.
The allegations appear to stem from a report earlier this month by developer Don Morton, who tweeted that Microsoft's LinkedIn was copying the clipboards on his iPad and MacBook.
"LinkedIn is copying the contents of
my clipboard every keystroke' he wrote. “I'm on an IPad Pro and it's copying from the clipboard of my MacBook Pro.”
Apple's newest operating system, iOS14, which is now available
to developers, alerts users when their clipboards are accessed and copied by apps. Device clipboards temporarily store material that users cut and paste -- which can include emails, passwords and
photos.
“Users do not, and reasonably should not, expect that electronic communications -- including the substance of e-mails, messages, photos, and other communications -- will be
autonomously read by any apps residing on nearby Apple devices, nor do they expect that the contents of nearby Apple devices’ clipboards will be read by apps on their local device without an
affirmative paste command by the user,” Bauer's complaint alleges.
LinkedIn Vice President of Engineering for Consumer Products Erran Berger said earlier this month that the company does
not store or transmit the clipboard material.
“We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text
box,” Berger tweeted in response to Morton's report. "We don't store or transmit the clipboard contents.”
Two days later, Berger said on Twitter that LinkedIn had removed the code in the newest version of its iOS app.
The lawsuit claims LinkedIn is violating the federal wiretap law, as well as
various California privacy laws.
A LinkedIn spokesperson said the company is still reviewing the complaint.