Responding to claims that its iOS app transmits meeting notes from users’ calendars, business social network LinkedIn says it will no longer send data from the meeting notes section of calendar events. It has also denied it stores users’ calendar information on its servers.
A furor emerged after Skycure researchers Adi Sharabani and Yair Amit discovered that LinkedIn’s mobile app for iOS devices collected meeting notes and details from users’ devices’ calendars and sent them back to its servers.
Writing in their blog the researchers said: “While accessing this information locally by the app is not a problem by itself, this information is collected and transmitted to LinkedIn’s servers; moreover, this action is currently performed without a clear indication from the app to the user, thus possibly violating Apple’s privacy guidelines (section 17.1: ‘Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used’).”
They added: “Every time you launch LinkedIn’s app for iPhone, it automatically sends out all of your calendar entries for a five-days time frame. The meetings information is being collected from all the calendars on the iOS machine, thus possibly exposing information from both personal and corporate calendar accounts.”
LinkedIn improves its iOS and Android app security
LinkedIn’s Joff Redfern has responded to the claims by promising to improve the mobile app by no longer sending data from the meeting notes section of users’ calendar events. He added it will provide a ‘learn more’ link to provide more information about how calendar data is used.
These improvements have gone live on Android and have been submitted to the Apple store for approval.
He said LinkedIn requests users’ permission before accessing the calendar and that this will remain an opt-in feature and users have a way to to turn off the calendar feature at any time in the settings. He said LinkedIn only sends calendar data to the servers when the app is launched in order to match with relevant profiles of meeting attendees.
Redfern also denied LinkedIn stores calendar information on its servers and said the network doesn’t share calendar data for purposes other than matching with relevant LinkedIn profiles.
Redfern explained: “You may have seen a few press stories highlighting concerns about how your data is used in the opt-in calendar feature of our mobile phone apps. We deeply care about our members’ trust so I want to provide clarity around what we do, don’t do, and outline ways we are going to make a great feature even better.
“For those not familiar with our calendar feature, with your permission, we sync with your mobile device’s calendar to provide information about the people you are about to meet by showing you their LinkedIn profile.
“In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles. That information is sent securely over SSL and we never share or store your calendar information.
“In an effort to make that algorithm for matching people with profiles increasingly smarter we pull the complete calendar event, including email addresses of people you are meeting with, meeting subject, location and meeting notes,” Redfern said.