Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
TRENDING TODAY
Home > News > Security > Data Leaks

June 6th, 2012, 09:39 GMT · By

Privacy Issue: LinkedIn for iOS Collects Calendar Entries

SHARE:

Adjust text size:

LinkedIn app for iOS transmits data in clear text back to the company's servers
Enlarge picture
Researchers from Skycure Security have taken their time to analyze the iOS version of the LinkedIn application and they’ve discovered what they call a privacy issue. They have reached the conclusion after they found that the mobile app sends detailed calendar entries back to the company’s servers.

The feature itself is interesting because it allows users to view their phone’s internal calendar inside the app. However, the fact that all the data is sent back to LinkedIn’s servers raises some concerns.

According to experts Adi Sharabani and Yair Amit, the application sends the list of meetings, subjects, locations, the time at which the meeting is scheduled, and even personal notes.

These last records are the most problematic because in many cases they contain conference details and even access passwords.

Amit and Sharabani highlight the fact that all customers who have opted in to the calendar feature are affected by this mechanism.

“While accessing this information locally by the app is not a problem by itself, this information is collected and transmitted to LinkedIn’s servers; moreover, this action is currently performed without a clear indication from the app to the user, thus possibly violating Apple’s privacy guidelines,” they explain.

Their belief is that LinkedIn isn’t collecting the information for malicious reasons. However, they do offer some advice to both LinkedIn and Apple on how to ensure that their customers’ privacy is not violated or exposed to certain risks.

First, LinkedIn should “refrain” from collecting full meeting details. Instead, the app should send only a relevant subset of data back to the servers. The fact that the data is sent back in clear text is also problematic, the experts recommending the use of hashes.

Finally, the company should clearly inform users on what data is collected.

As far as Apple is concerned, the Cupertino giant should, according to the researchers, improve its verification processes to ensure that apps don’t collect sensitive information without clearly notifying the user.


1,925 hits
Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:


Fake Facebook Privacy Notice Allegedly Stops Government from Snooping
AlienVault: Firms Fear That Security Breaches Could Cost Lives
AntiSec Hackers Reveal Security Holes in the UK’s NHS
White House, DHS, Aided by Private Sector in Combating Botnets
LEGO Australia Exposes Credit Card Details of 1,182 Individuals

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2013 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use