AAPL Stock: 111.13 ( -0.47 )

Printed from

LinkedIn iPhone app transmits unsecured iCal data home

updated 10:54 am EDT, Wed June 6, 2012

Plain text data transfer in LinkedIn seen as security risk

Security researchers have found that a feature in the LinkedIn mobile app for iOS could be considered a security risk. Yair Amit and Adi Sharabani of Skycure Security found that, although it's an opt-in feature, it gathers and sends information back to LinkedIn when users access their calendar within the app. The insecurity is magnified by the data being transferred in plain text, including meeting details and other information that could be highly sensitive in nature.

The LinkedIn app allows users the option to access their iOS calendars to help with planning meetings and scheduling. It does not mention anything about the information being collected and transferred to LinkedIn's servers, which may be seen as a violation of Apple's privacy guidelines. The amount of information being collected and transmitted also appears to be far higher than what is required by the app, with the firm's blog advising that the implementation required unique identifiers for individuals at the meeting and not information such as locations, titles, notes, and other potentially sensitive corporate details. The issues with data collection is further compounded by the fact that it is transferred as plain text, with no data obfuscation or encryption applied.

The researchers for Skycure Security will be presenting their findings later today at the Yuval Ne'eman workshop annual international conference about cyber security at Tel Aviv University. LinkedIn has updated their company blog, claiming that they do not store calendar information on their servers, and that they don't use the data for any purpose "other than that of matching it with relevant LinkedIn profiles."

Path had a similar issue with collecting user contact lists in its own iOS app, which it then stopped and purged. Apple itself is in a lawsuit concerning location data being collected to optimize device connectivity even after opting out, with a judge allowing the case to proceed despite the fact that data was stored locally and not actually transmitted elsewhere.

by MacNN Staff



  1. WiseWeasel

    Joined: Dec 1969


    It Gets Worse

    LinkedIn had at least 6.5M of their user passwords compromised. If you have a LinkedIn account, now is the time to change your password, along with any sites you may have used the same password for:

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented