Security fears over LinkedIn iOS app?
LinkedIn’s app allows users – once they’ve opted in – to access their iOS calendars within the app, increasing synchronicity and convenience.
However, researchers have noted that every time the app is launched, five days’ worth of calendar entries are automatically sent out to LinkedIn's servers, including information such as location, time and attendees.
The report notes rather alarmingly that “the names and email addresses of the meeting organiser and attendees are collected even for those who do not have a LinkedIn account”.
The Skycure researchers, Adi Sharabani and Yair Amit, stress however that the feature is fully opt-in only and that they believe LinkedIn did not collate information maliciously “based on [their] good reputation and leadership in the market”.
LinkedIn spokesperson Julie Inouye told the New York Times that the synchronisation was a “clear ‘opt-in’ experience”.
Sharabani and Amit note caution with regard to the iPhone, stating their worry that this will violate Apple’s privacy guidelines as sensitive details are sent out without prior consent and explanation.
They will present their findings in full at the Yuval Ne’eman workshop annual conference on cyber security later today.
Perhaps the most worrying aspect of this issue is that the data doesn’t appear at first glance to help LinkedIn’s professional networking ethos and that the data is sent out to LinkedIn in plain text rather than being encrypted.
So why is it being collated? After the furore concerning Color being able to illicitly record users’ conversations last year among others, does this worry you?
- » Microsoft Surface Pro “just isn’t there” says IDC analyst - are smaller models on the way?
- » Is 2013 going to be the year of biometric security?
- » Samsung and BlackBerry are secure enough for Pentagon - but not Apple?
- » Facebook Home, skins, and the future of social mobility
- » Enterprise app deployment a struggle, says new research