Instead of just pulling the basics of a calendar entries, LinkedIn takes everything—including confidential notes, dial-in numbers, and passwords, and contacts—and stores it on sends it to it servers.
That’s the kind of goof mobile-diary startup Path made. Experts say LinkedIn didn’t need to take that much data. It could have written its code to be more conservative. Technically, it’s in violation of Apple rules for iOS apps, which say that iPhone and iPad apps should only transmit data with users’ permissions.
A LinkedIn spokeswoman told the Times that users have to opt in to calendar sync. But they probably don’t realise how much they’re sharing.
Here’s another statement from LinkedIn: “Ensuring more privacy and control over your personal data remains our highest priority.”
That was Eric Heath, LinkedIn’s director of legal for product. On Friday.
So here’s what happens next: Bloggers get really worked up about LinkedIn’s privacy gaffe. Apple tells LinkedIn to fix its app. LinkedIn fixes it. And everyone forgets about it.
UPDATE: LinkedIn has acknowledged the data leak on its blog. LinkedIn’s mobile apps do send calendar data, the company says, but they do not store it on its servers, as we erroneously reported. LinkedIn is fixing its apps so it no longer accesses meeting notes. And just like we predicted, LinkedIn is fixing it. The Android app is already updated, while LinkedIn is waiting for Apple to approve the fix to the iOS version. Meanwhile, users can turn off the calendar-sync feature in settings.
NOW WATCH: Tech Insider videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.