The Daily Beast reports that Facebook knows what you just copied and pasted on your phone (link). Then, when the engineers try to explain what they are doing, it feels a bit more creepy, as usual.
We all copy text and then paste it somewhere else. This can be a web link that we are transporting from one app to another, or from an email app to a browser, etc. It can be a password, because we have made it so "secure" that we couldn't memorize it. The copy-and-paste technology has been around forever. It works the same way on phones as on computers.
The act of copying means that the computer (or device) stores the text in something known as the "clipboard". The copied text remains there until the application is closed. In Word, for example, when you close the application, it sometimes warns you that "a large amount of text is in the clipboard. Do you really want to quit and remove all that text?"
The reporter discovered that app developers (not limited to Facebook) are harvesting that text in your phone's clipboard. You wouldn't know unless you encounter some action taken by the developer based on information in your clipboard, like the author of the article did. Because she copied and pasted a link, Facebook later suggested that she share that link with her entire network.
As she pressed on, she learned more about this Facebook feature. Even if the Facebook app is closed, this snooping is still happening. Facebook told her they only pick up text that looks like web links. Facebook said they do not store this information. etc. etc.
The machine does not distinguish between fake and not fake links, and will prompt you to share fake links. The machine also cannot discern your motives for copying and pasting. What you are copying and pasting could be private information, or links you have no intention of sharing with anyone.
Any of these app developers can grab any text in your clipboard, including passwords, and any of them can attach all that text to the profiles they are compiling on you behind the scenes. They say they are not doing it. How would we know for sure?
The other issue is that as usual, none of this is disclosed until someone asks the question.