Professional networking site LinkedIn is making headlines today for a reported security breach that may involve the leak of 6.5 million passwords. However, that’s not the only security issue plaguing LinkedIn today, as security researchers recently reported that the service’s mobile app has been collecting private calendar notes from iPhone and iPad users without their knowledge. LinkedIn has confirmed the researcher findings and has updated its app today to limit the information collected.
LinkedIn introduced a new opt-in feature back in April that allowed its iOS and Android apps to use calendar event details to identify LinkedIn profiles. However, security researchers from Skycure Security have found that the feature on LinkedIn’s iOS app doesn’t just inspect the details on the device, but also sends all the information back to LinkedIn’s servers.
And since many private details are saved in calendar meeting notes, such as conference call numbers and passcodes, this poses a serious privacy risk. Additionally, the LinkedIn iOS app does not clearly inform users that it is transmitting this information, which would possibly be violating Apple’s privacy guidelines.
LinkedIn’s head of mobile products Joff Redfern has responded to the concerns today, confirming that the company does indeed collect and transmit all calendar event details, but thta the information is transmitted over SSL connections and that the information is not stored on the servers. Redfern says the information is only gathered from those who opted into the feature and is only used to help make LinkedIn’s profile matching algorithm increasingly smarter.
However, in the face of such concerns, LinkedIn has decided to limit the data it collects from calendar notes although the calendar integration will remain an opt-in feature. The update has already been implemented on the Android app, while the change has been submitted to the Apple store and will be available soon. Users wanting to immediately stop the collection of calendar details, cam turn the feature off in the app’s settings.