Another Way You’re Losing Your Privacy—Mobile Clipboard Data
Written by Peggy Keene
A number of social networking platforms came under fire when it was revealed that mobile applications installed on cellphones could have found a new insidious way to spy on user information—by copying the contents of a user’s clipboard data.
Is Your Mobile Clipboard Data Private?
In technological lexicon, the “clipboard” originally referred to a small, temporary buffer that operating systems provided for users to utilize as a short-term storage space that could allow the user to transfer a small amount of information from application to application or from window to window. As technology improved, the storage space and capabilities of the clipboard increased, and many operating systems expanded the clipboard to be able to hold multiple entries or even give users the option to “lock” specific clipboard entries so that the user could permanently have access to the entry until purposely deleted.
It was revealed, though, that a number of big-name companies behind popular phone applications, such as Reddit, TikTok, and LinkedIn, were actually copying and storing the contents of their app users’ clipboards. While some companies have claimed that the coding behind such copying was for innocuous reasons, (e.g., Reddit claims the code was to help suggest post titles) others have simply declined to comment. Many of the most high-profile companies, including the aforementioned three, however, have promised to remove the code and discontinue the practice.
Mobile Clipboard Data Privacy Concerns Revealed
Most of the privacy violations were uncovered after the rollout of a new privacy feature released in iOS 14 that alerted users when applications they had opened were copying their clipboard. Obviously, the implications behind such copying would mean that these applications could be keeping records of any information you have ever copied, pasted, or simply stored on your clipboard. For many, clipboard information is not only information that is often copied for use between applications, but also information that may include highly sensitive personal data such as: Social Security numbers; passwords; credit card numbers; or bank routing numbers, etc.
The information could potentially be sold or accessed by third parties. Moreover, if the companies simply choose to maintain control over such information for analytics, the protection of clipboard data may not be subject to the same standards or rigorous safeguards that consumers would expect for information more explicitly labeled as being sensitive (e.g., financial statements) and requiring higher levels of data security.
Since the federal government has yet to pass an all-encompassing law addressing the protection of personal data, it follows that there is no requirement for companies to disclose whether or not they are copying your clipboard data. As such, privacy experts note that while it is promising that some of the high-profile companies have agreed to discontinue such practices, it is likely that these applications, and others, are still copying similar technological buffers, caches, or “temporary” spaces that users may assume that companies do not have access to.
Key Takeaways From Discovery of Mobile Applications Copying User Clipboard Data Privacy issues for consumers:
clipboards are often used to temporarily store sensitive information;
there are no legal requirements for companies to disclose whether or not they are copying users’ clipboards; and
even if there were federal guidelines regarding such use, many applications would not be subject to U.S. law because they originated abroad. TBJ
This article was originally published on the Klemchuk Intellectual Property Trends blog and has been edited and reprinted with permission.
PEGGY KEENE is counsel to Klemchuk and focuses on internet law, particularly e-commerce, consumer digital privacy, e-sports, and video game law. She has also counseled clients in trademark portfolio management and served as in-house counsel in the telecommunications industry.