Israeli experts: LinkedIn app transmits user data without consent
Skycure founders Yair Amit and Adi Sharabani say social network transmits users' calendar entries back to its servers without permission
International social network LinkedIn is collecting personal information from its users without their consent, according to Israeli computer security experts.
The business-networking giant's app for Apple's iPad and iPhone has an opt-in feature that allows users to view their calendar entries within the app. However, researchers Yair Amit and Adi Sharabani, the founders of Skycure, discovered that once enabled by the user, the app automatically transmits users' calendar entries back to LinkedIn servers.
Yedioth Ahronoth reported that Amit and Sharabani were expected to present their findings at a security workshop at Tel Aviv University on Wednesday.
"The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes," the pair wrote on their website.
"If you have decided to opt-in to this calendar feature in iPhone, LinkedIn will automatically receive your calendar entries and will continue doing so every-time you open your LinkedIn app," Amit and Sharabani explained.
"For some reason, LinkedIn has decided to draw personal information from the calenders and transfer it to its servers without the explicit consent of its users."
The Skycure founders stressed that they do not believe LinkedIn uses the data in a malicious way. "However, we are concerned by the fact it collects and sends out sensitive information about its users, without a clear indication and consent," Amit said in a blog post.
The Israeli researchers said there was no legitimate reason for LinkedIn to be collecting calendar data.
"The biggest problematic factor lies in the fact that most of the transmitted information is not required for the app's functionality," Amit said.
LinkedIn spokesperson Julie Inouye told the New York Times that the feature is an "opt-in experience" that users can opt out of at any time.
"We use information from the meeting data to match LinkedIn profile information about who you're meeting with so you have more information about that person," she said.
Controversy erupted earlier this year when Path - a popular iOS and Android application - was uploading users' entire address books without their permission.
