Mobile security researchers have discovered that LinkedIn's mobile app is transmitting personal data from calendar entries back to LinkedIn's servers without users' knowledge.
The LinkedIn app for iOS, Apple's mobile operating system, has a feature that lets users view their IOS calendar entries. But when a user opts in to the service, details including meeting locations, participants, dial-in information, and passwords are automatically transferred to LinkedIn's servers. The professional social network has come under fire for the practice, which may violate Apple's privacy guidelines.
The researchers will present their findings on Wednesday at a security workshop at Tel Aviv University.
LinkedIn has not yet said why it transmits personal data to its servers without users' knowledge. The company hired Maloney & Fox as its consumer AOR in January after a review.
From The New York Times:
“We use information from the meeting data to match LinkedIn profile information about who you're meeting with so you have more information about that person,” said Julie Inouye, a LinkedIn spokeswoman.
Update: LinkedIn clarified its mobile app policy with a blog on its corporate site today.
“With your permission, we sync with your mobile device's calendar to provide information about the people you are about to meet by showing you their LinkedIn profile.
In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles. That information is sent securely over SSL and we never share or store your calendar information.”