Do you use LinkedIn’s mobile app on your iPhone or iPad? If you do, then you need to hear this. The New York Times is reporting that the LinkedIn mobile app for iOS is transmitting calendar entries, which may include details of meeting locations, dial-in information, passwords, meeting notes and more, to LinkedIn’s servers – all without the user’s knowledge. Two mobile security researchers Yair Amit and Adi Sharaban found out that the mobile app has an opt-in feature which allows users to view calendar entries within the app. But the crux of the problem happens when users will opt into the feature. That’s because, according to Yair and Adi, LinkedIn automatically transmits their calendar entries to its servers.
The researchers said that LinkedIn grabs details for every calendar on the iOS device, which may include both personal and corporate calendar entries. “In some cases, grabbing users’ sensitive data might be O.K. It is never right to do so without a clear indication. It is far worse when the sensitive information is not really needed in the first place. This is what we found in LinkedIn,” Sharabani said. The two researchers reportedly informed LinkedIn about the problem, but a fix hasn’t been issued by the company. The pair is expected to present their findings at a security workshop at Tel Aviv University tomorrow, Wednesday.