Oh-oh: those who keep their calendars in the LinkedIn iPhone and Android apps could have been setting appointments with a security risk.
The LinkedIn app lets users view their iOS/Android calendar in the app, and the details of the calendar data were being sent to the LinkedIn servers.
According to security consultants from Skycure Security:
"The (iPhone) app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes. If you have decided to opt-in to this calendar feature in iPhone, LinkedIn will automatically receive your calendar entries and will continue doing so every time you open your LinkedIn app."
The app didn't ask the user's permission, which makes it a threat to Apple's privacy guidelines.
Skycure suggested that the LinkedIn app should refrain from sending full meeting details to their servers. Instead, the app should communicate to LinkedIn’s servers only a small relevant subset such as the attendees of the meeting.
They suggested that Apple should improve its app screening process. They don't think that LinkedIn has malicious intent for harvesting the information. To prevent data leaks, they suggest that LinkedIn iPhone app users shut off the calendar function within the app.
Within a day of learning about the data issue, LinkedIn responded.
"We will no longer send data from the meeting notes section of your calendar event," Joff Redfern, LinkedIn's head of mobile products, wrote in a blog today.
He further clarified: "In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles. That information is sent securely over SSL and we never share or store your calendar information. In an effort to make that algorithm for matching people with profiles increasingly smarter we pull the complete calendar event, including email addresses of people you are meeting with, meeting subject, location and meeting notes."
He also noted that LinkedIn does not store any calendar information or share it without your permission.
The Android app has already been changed and the LinkedIn app will no longer send data from the meeting notes section of your calendar event. There will be a new “learn more” link to provide more information about how your calendar data is being used.