g/technology: “Reddit says it’s fixing code in its iOS app that copied clipboard contents”

“Reddit says it’s fixing code in its iOS app that copied clipboard contents” - WTF? 📦

106 05 Jul 2020 02:20 by u/retrogamer_wv

So apparently there was a “bug” in their code that was copying whatever a user had in their clipboard in iOS. Yeah, between that and the Tencent crap... I’m glad I’m making the switch.

27 comments

47 u/captainmeta4 05 Jul 2020 03:21

Meanwhile at Ruqqus we are fixing bugs that accidentally burn your clipboard, your browser, your device, and the servers.

33 u/retrogamer_wv [OP] 05 Jul 2020 03:37

All of that > owned by Tencent. Seriously - thanks for making this place.

26 u/SilkyValley 05 Jul 2020 02:58

Tik Tok and many other for the most part Chinese owned apps are in the list of the ones doing this. There's been a few articles going around reporting this

18 u/YoulNeverWalkAlone 05 Jul 2020 03:14

Reddit is simply a Chinese tool now.

10 u/DanielGregg 05 Jul 2020 04:39

They even have "red" right in the name. Have they always been a Chinese tool and we just didn't know until now?

2 u/vwxyz 05 Jul 2020 15:46

https://www.theverge.com/2020/7/3/21312821/linkedin-app-ios-14-clipboard-copying-fix

24 u/Ourous 05 Jul 2020 03:16

It's really quite surreal that they can call this a "bug" and everything'll be fine. No consequences, for the most part everyone dismisses it because it was an "accident".

10 u/teamfortress2 05 Jul 2020 03:54

To be fair, most apps that are collecting clipboard data (except the ones that obviously do it intentionally like Reddit, Facebook, Google, etc) are probably doing it because of a bug, or an intended function. For example, Apollo for Reddit checks if there's a reddit link in your clipboard and if so, opens it inside the app.

6 u/AngstKitten 05 Jul 2020 11:02

Ah. That’s a good point. I hadn’t thought of that. It’s certainly a useful feature for me though. I can’t figure out why the Reddit app would need clipboard contents

1 u/ShowMeUrBobs 05 Jul 2020 13:38

Yeah it's not necessarily evil... Just because the app is requesting that stuff, doesn't mean it gets sent anywhere, you'd have to watch the network for that

7 u/Kusuri 05 Jul 2020 05:13

"fixing"... yeah.. sure.

6 u/Lemmy 05 Jul 2020 03:59

So they're going to delete the data and make sure it never happens again, right? Somehow I doubt that.

5 u/Rogan 05 Jul 2020 08:28

They’re so gutless. It’s obviously just to see if you have a url in your clipboard that you might be going to post, but they have to pretend like this very specific functionality that would have had to be deliberately included was a complete accident.

2 u/RidingMyKeyboard 05 Jul 2020 22:06

My thoughts exactly, the quote about how they managed to "track down the codepath" for it was quite bizarre. A ndedless and blatant lie. Even if they did have to go and find it: `grep -r UIPasteBoard .` - ta da!

5 u/SlavSuperstar 05 Jul 2020 09:32

Chinese spyware.

2 u/Orion 05 Jul 2020 22:21

I'm definitely more of an androidfag but ngl Apple is pretty based for snitching on apps that do this shit

1 u/retrogamer_wv [OP] 05 Jul 2020 22:34

I think that’s what is surprising me the most. I’m almost willing to bet that feature won’t survive beta testing for iOS14 - not with Tim Cook being in bed with China.

1 u/brimshae 05 Jul 2020 05:11

Why do people even use an app for a website? You have a browser (or two, or three) on your phone. Why do you need another browser specific to one website?

11 u/Kusuri 05 Jul 2020 05:37

apps are often more user-friendly and have more features..you can get notifications while they are closed, don't need to always open a tab, can have a good fullscreen mode etc. etc. etc. - there are a lot of reasons for a app instead of the normal website. mostly because you can do more with an app. websites can't access your storage for the most case (except for a few things) and it's just not rly userfriendly enough for specific things.

5 u/AngstKitten 05 Jul 2020 11:04

Maybe I just haven’t figured out a good workaround yet but Reddit practically forces users to use the app when trying to browse on mobile.

2 u/vwxyz 05 Jul 2020 15:49

Reddit web UI is basically unusable on mobile now. There's so many dark patterns constantly demanding you get the app. A better alternative is RedReader which is open source and much faster than their own shitty app. It's on Google Play and F-droid

1 u/brimshae 05 Jul 2020 18:57

1: Well, you could stop using reddit (also guilty still). 2: Using old.reddit.com helps. 3: If I have to look up something on reddit on my phone I usually use Brave, Old.Reddit, and hit the "Continue" button that pops up on every post. Mostly it just makes me want to not use reddit, so I suppose that's a plus.

1 u/Southbound06 15 Jul 2020 23:06

Get Slide on f-droid. It's so much better and doesn't nag you about anything other than your inbox.

1 u/None 05 Jul 2020 14:18

Something weird is going on. They sent me an email asking me to confirm if an account was mine that I know I deleted around 2-3 years ago. They're up to no good as far as I'm concerned, as I just deleted my more recent account.

1 u/kilkidd 05 Jul 2020 15:40

leave it to chyna to harvest data from everyone

1 u/vwxyz 05 Jul 2020 15:45

This came out about linkedin a few days ago and I bet there's a few dozen prominent companies hoping they can get away with silently removing this nefarious shit on their sites and apps before they get called out too. A lot of sites do this. A lot of apps do this. It's ridiculous and ripe for abuse.

1 u/RidingMyKeyboard 05 Jul 2020 22:01

> “We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL,” At best this was a copy/paste from [StackOverflow](https://stackoverflow.com/questions/12454857/how-to-know-when-text-is-pasted-into-uitextview) - surprisingly iOS can't detect paste events. I still can't work out how the official version of events is supposed to work though; every time you want to make a post, the paste board is checked, and it presumably makes a HTTP request to try and generate a title..? That sounds dumb, and I can't see that being the case. It would disclose paste board contents to the active network connection - not great if you're on a corporate network. It would also completely fail if a user manually enters a URL? If you wanted to do that surely you'd just monitor the input from the text field, waiting until the user is finished? I haven't touched iOS in years, so I'm guessing here.