Microsoft Corp.’s LinkedIn programmed its iPhone and iPad applications to divert sensitive information without users’ knowledge, according to a class-action lawsuit.
The apps use Apple’s Universal Clipboard to read and siphon the data, and can draw information from other Apple devices, according to the complaint filed Friday in San Francisco federal court. The privacy violations were exposed by Apple and independent program developers, according to the suit.
Developers and testers of Apple’s most recent mobile operating system, iOS 14, found LinkedIn’s application was secretly reading users’ clipboards “a lot,” according to the complaint. “Constantly, even.” Apple’s clipboard often contains sensitive information users cut or copy to paste, including photos, texts, e-mails, or medical records.
“LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing” Apple’s clipboard timeout, which removes the information after 120 seconds, according to the suit.
LinkedIn spokesman Greg Snapper said the company is reviewing the lawsuit. Erran Berger, head of engineering at LinkedIn, said in a July 2 tweet that the company had traced the problem to a code path that performs an “equality check” between contents on the clipboard and typed text. “We don’t store or transmit the clipboard contents,” he added.
The lawsuit was filed on behalf of Adam Bauer of New York City, who says he routinely used the LinkedIn App on his iPhone and iPad.
The suit seeks to represent a class of users based on alleged violations of federal and California privacy laws and a breach of contract claim.
LinkedIn’s information collecting was reported earlier this month by outlets including the Verge and Forbes.
The case is Bauer v. LinkedIn Corp., 20-cv-04599, US District Court, Northern District of California (San Francisco). — Bloomberg