LinkedIn’s Mobile App is Harvesting User Information – Here’s How to Fix It

Two researchers in Israel, Yair Amit and Adi Sharabani, recently disclosed that LinkedIn’s mobile application for iOS was transmitting calendar information back to the business social network, without the user being aware in most cases.

The feature is opt-in, and it allows LinkedIn subscribers to view their iOS calendar information via the site’s mobile app. Once users agree, the mobile app will transmit calendar information, including meeting locations, participant information, dial-in details (numbers and passcodes), and meeting notes back to LinkedIn’s servers. Both personal and corporate calendars are included in the data collection.

According to their research, each time a user launches LinkedIn’s app on a connected iOS device, it automatically sends out all of the user’s calendar entries for a five-day time frame. “This applies to all calendars configured in the iOS machine, whether they are associated with your private email account or the corporate Exchange account,” Sharabani, who serves as CEO of Skycure Security, explained.

“If you have decided to opt-in to this calendar feature in iPhone, LinkedIn will automatically receive all of your calendar entries for a five-day time frame, and will continue doing so every time you open your LinkedIn app… The biggest problematic factor lies in the fact that most of the transmitted information is not required for the app’s functionality,” Sharabani explained in a document he provided to SecurityWeek over the weekend.

“As I said before, in some cases, grabbing users’ sensitive data might be okay. It is never right to do so without a clear indication,” Adi said. “It is far worse when the sensitive information is not really needed in the first place.”

When confronted with the research, LinkedIn told The New York Times that they use the collected information “to match LinkedIn profile information about who you’re meeting with so you have more information about that person.”

However, there is a way to opt out of the data collection. The steps below will work for the iPhone version of the app, as well as the iPad version.

1. Click on the LinkedIn icon in the upper left part of the screen

2. Click on the “You” view

3. Click on the settings icon in the upper right part of the screen

4. Click on the “Add Calendar” option in the Settings page

5. Toggle off the “Add Your Calendar” option.

LinkedIn has not yet commented on what happens to the information once it is collected and determined not to be relevant, such as storage and removal policies. The researchers reported the problems to LinkedIn’s risk and privacy team, but as of Tuesday evening, they remained unchanged, likely due to the fact that the social portal for the corporate world sees the data collection as a feature, and not a true concern.

Sharabani will be presenting his findings at a cyber security conference taking place at Tel Aviv University later today.
