LinkedIn app quietly transmitting personal data?

A view of the LinkedIn iPad app, and its optional calendar data function. LinkedIn

This article originally appeared on CBSNews.com's sister site, CNET.com.

LinkedIn's iOS app is collecting information from calendar entries, including passwords and meeting notes, and transmitting it back to the company's servers without their knowledge, according two mobile security researchers.

The business-networking giant's app for Apple's iPad and iPhone has an opt-in feature that allows users to view their calendar entries within the app. However, researchers Yair Amit and Adi Sharabani discovered that once enabled by the user, the app automatically transmits users' calendar entries back to LinkedIn servers. The pair expects to present their findings at a security workshop at Tel Aviv University tomorrow.

The transmission of data, which is not revealed to users, may violate Apple's privacy guidelines, which prohibit apps from collecting and transmitting users' data without their express permission. Controversy erupted earlier this year when Path -- a popular iOS and Android application -- was found to be collecting user contact information without permission. Path issued an apology on the issue introduced an updated version that required users to opt-in to the feature.

Apple promised a fix that would prevent the behavior in the future, and a U.S. House subcommittee sent a letter to Apple asking why it doesn't force app developers to ask users for permission before downloading contacts.

Related content from CNET.com:

Privacy suit filed against Path, Twitter, Apple, Facebook, others
Privacy dilemma for developers: Apple to the rescue?
Path CEO vows stricter protection of user data

The researchers said they had contacted LinkedIn about their findings but that the issue has yet to be resolved. But they also said they didn't believe the social network used the data in a malicious way.

"However, we are concerned by the fact it collects and sends-out sensitive information about its users, without a clear indication and consent," Amit said in a blog post describing the issue.

While user contact data is valuable in helping to attract more users to the app, the researchers said there was no legitimate reason for LinkedIn to be collecting calendar data.

"The biggest problematic factor lies in the fact that most of the transmitted information is not required for the app's functionality," Amit said.

LinkedIn representatives did not immediately respond to a CNET request for comment but pointed out to the New York Times report that the feature is an "opt-in experience" that users can opt out of at any time.

"We use information from the meeting data to match LinkedIn profile information about who you're meeting with so you have more information about that person," LinkedIn spokesperson Julie Inouye said.

CNET has contacted Apple and will update this report when we learn more.

  • Steven Musil On Twitter»

    Steven Musil is the night news editor at CNET News. Before joining CNET News in 2000, Steven spent 10 years at various Bay Area newspapers. E-mail Steven.

Comments