With the explosive growth of mobile platforms, hundreds of thousands of mobile apps are now available. With the availability of such apps, the security of the user data they handle has come into the limelight. A number of apps, such as Path, have recently been grilled for using the data of the users without their explicit permission.
Now, it seems that LinkedIn is under fire from security researchers, who allege that the company’s app automatically moves calendar entries from its iOS apps to its servers. This is being seen as absolutely unnecessary and, at the same time, as jeopardizing the security of users’ data.
According to Adi Sharabani of Skycure, who first discovered this, “In some cases, grabbing users’ sensitive data might be O.K. It is never right to do so without a clear indication. It is far worse when the sensitive information is not really needed in the first place. This is what we found in LinkedIn.”
However, LinkedIn is of the opinion that the transfers are being made only after getting explicit approval from the users and that the information is gathered only to improve user experience. The official statement from LinkedIn read, “We use information from the meeting data to match LinkedIn profile information about who you’re meeting with so you have more information about that person.”
To further clarify the issue, LinkedIn added a post to its official blog. According to this post, “For those not familiar with our calendar feature, with your permission, we sync with your mobile device’s calendar to provide information about the people you are about to meet by showing you their LinkedIn profile. In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles. That information is sent securely over SSL and we never share or store your calendar information.”
However, Amit and Sharabani from Skycure, who first discovered the transfer of entries from the LinkedIn app, still adamantly hold that this jeopardizes the security of users’ data and that the company must abandon it.