Facebook knows when you copy a link, even if the app is closed
Facebook is not particularly known for its privacy and the latest feature in its mobile App takes the cake. A feature of Apple’s new operating system for the iPhone tracks what users copy and paste. Facebook Messenger for iOS takes advantage of that feature, suggesting that users share a URL they copy.
Though this is done under the garb of helping the Facebook user remember a link he/she has copied, having spied on your clipboard is a bad idea. The feature which was rolled out during Facebook’s latest mobile update on October 7, is right now present only on iOS 9 run devices and a select few.
“This feature is currently testing with a small percentage of people who use Facebook for iPhone,” Facebook spokesperson Daniel Harrison told the Daily Beast.
Daily Beast’s Kelly Weill was surprised when Facebook suggested she post the link to a recipe for “30-minute quinoa chili” for all my friends. She says that she had copied the link onto the clipboard for sharing it with her friends and relatives. But what worries her most is that just before the link, she had copied a single-use password, which she says could be seen by someone at Facebook given their new snooping powers.
“Facebook is not able to see what the link is, only that there is text that fits the standard URL format,” Harrison said, adding that Facebook does not save users’ information after it has been removed from the clipboard. This recognition software prevents the app from scraping text that does not look like a URL, like passwords or emails, Harrison said. It’s not a perfect system, though: broken or fake links like “” are still automatically recommended for posts.
Cybersecurity blogger, Graham Cluley says that Facebook may be the newest app to spy on your clipboard but it is not the first. “Many iOS apps can access the clipboard and do something similar to what you’re describing. For instance, Flipboard, Doesn’t sound untoward to me.”
“I’m likely to copy and paste is content I can’t remember, things like passwords (from a password management app) or one-time PINs,” Christian Frichot wrote in a blog post. “To assume that the Facebook app would do something malicious with this content is silly. But the fact that their app (and any other app) can access that content without user-interaction or permission is slightly unnerving.”