AAPL Stock: 118.39 ( + 0.09 )

Printed from

LinkedIn iPhone app transmits unsecured iCal data home

updated 10:54 am EDT, Wed June 6, 2012

Plain text data transfer in LinkedIn seen as security risk

Security researchers have found that a feature in the LinkedIn mobile app for iOS could be considered a security risk. Yair Amit and Adi Sharabani of Skycure Security found that, although it's an opt-in feature, it gathers and sends information back to LinkedIn when users access their calendar within the app. The insecurity is magnified by the data being transferred in plain text, including meeting details and other information that could be highly sensitive in nature.

The LinkedIn app allows users the option to access their iOS calendars to help with planning meetings and scheduling. It does not mention anything about the information being collected and transferred to LinkedIn's servers, which may be seen as a violation of Apple's privacy guidelines. The amount of information being collected and transmitted also appears to be far higher than what is required by the app, with the firm's blog advising that the implementation required unique identifiers for individuals at the meeting and not information such as locations, titles, notes, and other potentially sensitive corporate details. The issues with data collection is further compounded by the fact that it is transferred as plain text, with no data obfuscation or encryption applied.

The researchers for Skycure Security will be presenting their findings later today at the Yuval Ne'eman workshop annual international conference about cyber security at Tel Aviv University. LinkedIn has updated their company blog, claiming that they do not store calendar information on their servers, and that they don't use the data for any purpose "other than that of matching it with relevant LinkedIn profiles."

Path had a similar issue with collecting user contact lists in its own iOS app, which it then stopped and purged. Apple itself is in a lawsuit concerning location data being collected to optimize device connectivity even after opting out, with a judge allowing the case to proceed despite the fact that data was stored locally and not actually transmitted elsewhere.

by MacNN Staff



  1. WiseWeasel

    Joined: Dec 1969


    It Gets Worse

    LinkedIn had at least 6.5M of their user passwords compromised. If you have a LinkedIn account, now is the time to change your password, along with any sites you may have used the same password for:

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented