Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

LinkedIn’s Mobile App is Harvesting User Information – Here’s How to Fix It

Two researchers in Israel, Yair Amit and Adi Sharabani, recently disclosed that LinkedIn’s mobile application for iOS was transmitting calendar information back to the business social network, without the user being aware in most cases.

Two researchers in Israel, Yair Amit and Adi Sharabani, recently disclosed that LinkedIn’s mobile application for iOS was transmitting calendar information back to the business social network, without the user being aware in most cases.

The feature is opt-in, and it allows LinkedIn subscribers to view their iOS calendar information via the site’s mobile app. Once users agree, the mobile app will transmit calendar information, including meeting locations, participant information, dial-in details (numbers and passcodes), and meeting notes back to LinkedIn’s servers. Both personal and corporate calendars are included in the data collection.

LinkedIn Calendar Security

According to their research, each time a user launches LinkedIn’s app on a connected iOS device, it automatically sends out all of your calendar entries for a five-days time frame. “This applies to all calendars configured in the iOS machine, whether they are associated with your private email account or the corporate Exchange account,” Sharabani, who serves as CEO of Skycure Security explained.

LinkedIn Mobile App Leaking Data

“If you have decided to opt-in to this calendar feature in iPhone, LinkedIn will automatically receive all of your calendar entries for a five-day time frame, and will continue doing so every time you open your LinkedIn app… The biggest problematic factor lies in the fact that most of the transmitted information is not required for the app’s functionality,” Sharabani explained in a document he provided to SecurityWeek over the weekend.

“As I said before, in some cases, grabbing users’ sensitive data might be okay. It is never right to do so without a clear indication,” Adi said. “It is far worse when the sensitive information is not really needed in the first place.”

When confronted with the research, LinkedIn told The New York Times that they use the collected information “to match LinkedIn profile information about who you’re meeting with so you have more information about that person.”

However, is there is a way to opt-out of the data collection. The steps below will work for the iPhone version of the app, as well as the iPad version.

1. Click on the LinkedIn icon in the upper left part of the screen

2. Click on the “You” view

Advertisement. Scroll to continue reading.

3. Click on the settings icon in the upper right part of the screen

4. Click on the “Add Calendar” option in the Settings page

5. Toggle off the “Add Your Calendar” option.

LinkedIn has not yet commented on what happens to the information once it is collected and determined that it isn’t relevant, such as storage and removal policies. The researchers reported the problems to LinkedIn’s risk and privacy team, but as of Tuesday evening, they remained unchanged, likely do to the fact that the social portal for the corporate world sees the data collection as a feature, and not a true concern.

Sharabani will be presenting his findings at a Cyber Security conference in taking place at Tel Aviv University later today.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...