Apps Tech News

A report from Skycure Security has revealed a potential “privacy issue” with LinkedIn’s mobile iPhone app as users’ calendar details are unknowingly sent to LinkedIn servers.

LinkedIn’s app allows users – once they’ve opted in – to access their iOS calendars within the app, increasing synchronicity and convenience.

However, researchers have noted that every time the app is launched, five days’ worth of calendar entries are automatically sent out to LinkedIn's servers, including information such as location, time and attendees.

The report notes rather alarmingly that “the names and email addresses of the meeting organiser and attendees are collected even for those who do not have a LinkedIn account”.

The Skycure researchers, Adi Sharabani and Yair Amit, stress however that the feature is fully opt-in only and that they believe LinkedIn did not collate information maliciously “based on [their] good reputation and leadership in the market”.

LinkedIn spokesperson Julie Inouye told the New York Times that the synchronisation was a “clear ‘opt-in’ experience”.

The leak only appears to relate to LinkedIn’s iPhone app – whose 5.0.2 update notes “calendar improvements” – therefore not affecting Android.

Sharabani and Amit note caution with regard to the iPhone, stating their worry that this will violate Apple’s privacy guidelines as sensitive details are sent out without prior consent and explanation.

They will present their findings in full at the Yuval Ne’eman workshop annual conference on cyber security later today.

Perhaps the most worrying aspect of this issue is that the data doesn’t appear at first glance to help LinkedIn’s professional networking ethos and that the data is sent out to LinkedIn in plain text rather than being encrypted.

So why is it being collated? After the furore concerning Color being able to illicitly record users’ conversations last year among others, does this worry you?