According to Skycure Security researchers Yair Amit and Adi Sharabani, LinkedIn’s mobile app for iOS uploads detailed meeting data to the company’s servers — including participants’ names, subject, location, time, and even personal meeting notes.
“These last records are the most problematic because in many cases they contain conference details and even access passwords,” writes Softpedia’s Eduard Kovacs. “Amit and Sharabani highlight the fact that all customers who have opted in to the calendar feature are affected by this mechanism.”
“Amit and Sharabani plan to present their report at a cyber security conference in Tel Aviv on Wednesday,” writes Ars Technica’s Jacqui Cheng. “In their report seen by Ars, they note that the information being collected by the LinkedIn app has no apparent relevance to the app’s functionality, though they don’t believe LinkedIn has included this functionality maliciously. ‘However, we are concerned by the fact it collects and sends-out sensitive information about its users, without a clear indication and consent,’ the researchers wrote.”
“That practice, which is not communicated to users, may violate Apple’s privacy guidelines, which expressly prohibit any app from transmitting users’ data without their permission,” writes The New York Times’ Nicole Perlroth. “A similar practice came to light earlier this year when a developer noticed that Path, the popular mobile social network, was uploading entire address books to its servers without users’ knowledge. That practice came under scrutiny by members of Congress. In response, Path said it would stop the practice and destroy the data it had collected.”
“LinkedIn’s Joff Redfern has responded to the claims by promising to improve the mobile app by no longer sending data from the meeting notes section of users’ calendar events,” writes Silicon Republic’s John Kennedy. “He added it will provide a ‘learn more’ link to provide more information about how calendar data is used. These improvements have gone live on Android and have been submitted to the Apple store for approval.”