Printed from

LinkedIn iPhone app transmits unsecured iCal data home

updated 10:54 am EDT, Wed June 6, 2012

Plain text data transfer in LinkedIn seen as security risk

Security researchers have found that a feature in the LinkedIn mobile app for iOS could be considered a security risk. Yair Amit and Adi Sharabani of Skycure Security found that, although it's an opt-in feature, it gathers and sends information back to LinkedIn when users access their calendar within the app. The insecurity is magnified by the data being transferred in plain text, including meeting details and other information that could be highly sensitive in nature.

The LinkedIn app allows users the option to access their iOS calendars to help with planning meetings and scheduling. It does not mention anything about the information being collected and transferred to LinkedIn's servers, which may be seen as a violation of Apple's privacy guidelines. The amount of information being collected and transmitted also appears to be far higher than what is required by the app, with the firm's blog advising that the implementation required unique identifiers for individuals at the meeting and not information such as locations, titles, notes, and other potentially sensitive corporate details. The issues with data collection is further compounded by the fact that it is transferred as plain text, with no data obfuscation or encryption applied.

The researchers for Skycure Security will be presenting their findings later today at the Yuval Ne'eman workshop annual international conference about cyber security at Tel Aviv University. LinkedIn has updated their company blog, claiming that they do not store calendar information on their servers, and that they don't use the data for any purpose "other than that of matching it with relevant LinkedIn profiles."

Path had a similar issue with collecting user contact lists in its own iOS app, which it then stopped and purged. Apple itself is in a lawsuit concerning location data being collected to optimize device connectivity even after opting out, with a judge allowing the case to proceed despite the fact that data was stored locally and not actually transmitted elsewhere.

By Electronista Staff
Post tools:




  1. WiseWeasel

    Junior Member

    Joined: Apr 1999


    It Gets Worse

    LinkedIn had at least 6.5M of their user passwords compromised. If you have a LinkedIn account, now is the time to change your password, along with any sites you may have used the same password for:

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Linksys WRT1200AC Wi-Fi Router

Once upon a time, a brand-new Linksys router showed up on our doorstep. So we gathered some network-minded friends together, and hooke ...

Rapoo A300 Mini Bluetooth NFC Speaker

The Rapoo Bluetooth Mini NFC Speaker is a little metallic box about the size of a baseball. In spite of its small size, we were very p ...

Neurio Intelligent Home Monitor

The recently released Neurio Intelligent Home Monitor is a piece of hardware that, when integrated into a home's breaker box, monitors ...



Most Commented


Popular News