It looks like there will be no end to the plethora of security issues that plague the new generation of smartphone platforms. The popular professional social networking site LinkedIn has reportedly had 6.5 million user accounts and encrypted passwords leaked and posted in public. Mobile researchers at SkyCure have also reported that the LinkedIn iOS mobile app steals personal info from your phone and uploads it to a server. Are the two related? Did the 6.5m breach happen through the mobile app? Some believe so.
An excerpt from SkyCure’s blog:
LinkedIn’s mobile application has an interesting feature that allows users to view their iOS calendars within the app. However, it turns out that LinkedIn have decided to send detailed calendar entries of users to their servers. The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and, more importantly, personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes. If you have decided to opt in to this calendar feature in iPhone, LinkedIn will automatically receive your calendar entries and will continue doing so every time you open your LinkedIn app.
This is not the first time that a violation of smartphone users’ privacy has been reported. I have consistently spoken out about this new trend of monitoring and stealing user info via mobile apps. Remember When Your Smartphone Tracks Your Every Keypress, Message And Location. Remember Path?
The mobile is the most personal computing device ever, with lots of people storing notes, memos, appointments and more on it for convenience’s sake. Where apps are able to siphon this info without the knowledge of users, there is a problem. In this LinkedIn case, the user is not told that such detailed private info is being uploaded anywhere.
While there is no evidence that LinkedIn have used the uploaded info for any malicious purpose, the problem is there all the same. I don’t want my sensitive or private info in the cloud (remember I raised this recently?), where any group of hackers can access it and then publish it or put it to other use.
The question is: Is there a way to stop or avoid this? Mobile subscribers’ taste for apps is fast becoming a privacy nightmare. Yes; we wanted it. We got it.
Imagine the possibilities.