LinkedIn App Steals Info. from Your Phones

This is hard to believe but it’s true. The LinkedIn App designed for iPhone and for Android phones actually steals information from your phone and sends them to a secret server. The information taken from your phone without your expressed consent are taken from your Calendar and include participant lists, subjects of entries, times of meetings, and any attached meeting notes (such as dial-in details and passcodes). The LinkedIn app manages to gain access to your calendar items because it has a feature that allows you to view your calendar from within the app itself. Researchers have discovered that the app gleans users’ calendar items from your phones. This discovery was made by Security Researchers Yair Amit and Adi Sharabani. They noted that the app then transmits this information to LinkedIn’s servers without any clear indication to the user that this is happening. They also noted that the information being collected by the LinkedIn app has no apparent relevance to the app’s functionality, though they do not think LinkedIn has included this functionality with malicious intentions. “However, we are concerned by the fact it collects and sends-out sensitive information about its users, without a clear indication and consent,” the researchers wrote.

LinkedIn was quick to respond to these allegations. While not denying the charges against them, they say the app does ask for permission when accessing the calendar (though it doesn’t explicitly tell users it’s going to upload the data), and says the feature can be turned off at any time. They also claim that the data collected is never used for anything other than to “match LinkedIn profile information about who you’re meeting with so you have more information about that person”

In a blog post, LinkedIn said:

“In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles. That information is sent securely over SSL and we never share or store your calendar information,” the company wrote. “In an effort to make that algorithm for matching people with profiles increasingly smarter we pull the complete calendar event, including email addresses of people you are meeting with, meeting subject, location and meeting notes.”

While not suspecting LinkedIn of malicious intentions, we feel the uses of the app have rights to know what the app is doing on their phones.

What is your take on this?

Please feel free to make your comments below.



– Posted using BlogPress


Leave a Reply

Your email address will not be published. Required fields are marked *