LinkedIn app quietly transmitting personal data?

A view of the LinkedIn iPad app, and its optional calendar data function. / LinkedIn

This article originally appeared on CBSNews.com's sister site, CNET.com.

LinkedIn's iOS app is collecting information from calendar entries, including passwords and meeting notes, and transmitting it back to the company's servers without their knowledge, according two mobile security researchers.

The business-networking giant's app for Apple's iPad and iPhone has an opt-in feature that allows users to view their calendar entries within the app. However, researchers Yair Amit and Adi Sharabani discovered that once enabled by the user, the app automatically transmits users' calendar entries back to LinkedIn servers. The pair expects to present their findings at a security workshop at Tel Aviv University tomorrow.

The transmission of data, which is not revealed to users, may violate Apple's privacy guidelines, which prohibit apps from collecting and transmitting users' data without their express permission. Controversy erupted earlier this year when Path -- a popular iOS and Android application -- was

Path shares photos--oh, and uploads your contacts, too

without permission. Path issued an apology on the issue introduced an updated version that required users to opt-in to the feature.

Apple promised a fix that would prevent the behavior in the future, and a U.S. House subcommittee sent a letter to Apple asking why it doesn't force app developers to ask users for permission before downloading contacts.

Related content from CNET.com:

Privacy suit filed against Path, Twitter, Apple, Facebook, others
Privacy dilemma for developers: Apple to the rescue?
Path CEO vows stricter protection of user data

The researchers said they had contacted LinkedIn about their findings but that the issue has yet to be resolved. But they also said they didn't believe the social network used the data in a malicious way.

"However, we are concerned by the fact it collects and sends-out sensitive information about its users, without a clear indication and consent," Amit said in a blog post describing the issue.

While user contact data is valuable in helping to attract more users to the app, the researchers said there was no legitimate reason for LinkedIn to be collecting calendar data.

"The biggest problematic factor lies in the fact that most of the transmitted information is not required for the app's functionality," Amit said.

LinkedIn representatives did not immediately respond to a CNET request for comment but pointed out to the New York Times report that the feature is an "opt-in experience" that users can opt out of at any time.

"We use information from the meeting data to match LinkedIn profile information about who you're meeting with so you have more information about that person," LinkedIn spokesperson Julie Inouye said.

CNET has contacted Apple and will update this report when we learn more.

[ralphing]

Why do all these social sites think that everyone wants to share all of their information with everybody? They create holes in their systems to allow this then try to say they thought you would want this feature, that's why they didn't mention it.

I have a LinkedIn account, just to say I have one, but I don't post on it or provide them with any personal data. I thought it was cool when they downloaded my contact list to link me with others who have LinkedIn, but quickly deleted my list when I saw how they were it for other things. They are real sneaky how they try to get you click on a link allowing them to do it again.

Be careful.

[jtdev1]

They should change the name to "Leaked Out"

[omnibus66]

Up until a few weeks ago, I had never even heard of Linkedin. Then I started receiving emails from them with suspicious looking links. I now have a block on them. Looks to me that like they are in the phishing business.

[ralphing]

Those are plishing attacks from others, not Linkedin. I have an account and was getting them myself.