LinkedIn’s app transmits user data without their knowledge

June 6, 2012 – 4:47 AM

LinkedIn’s iOS app is collecting information from calendar entries, including passwords and meeting notes, and transmitting it back to the company’s servers without their knowledge, according two mobile security researchers.

The business-networking giant’s app for Apple’s iPad and iPhone has an opt-in feature that allows users to view their calendar entries within the app. However, researchers Yair Amit and Adi Sharabani discovered that once enabled by the user, the app automatically transmits users’ calendar entries back to LinkedIn servers. The pair expects to present their findings at a security workshop at Tel Aviv University tomorrow.

The transmission of data, which is not revealed to users, may violate Apple’s privacy guidelines, which prohibit apps from collecting and transmitting users’ data without their express permission. Controversy erupted earlier this year when Path — a popular iOS and Android application — was found to be collecting user contact information without permission. Path issued an apology on the issue introduced an updated version that required users to opt-in to the feature.


You must be logged in to post a comment.