LinkedIn app: another #fail for Apple’s iOS when it comes to protecting your privacy
Some “media experts” and some consumers and companies believe that because Apple is curating apps you can find in their apps store, they face a lesser chance of being infected with malware or of using badly written apps which don’t perform well or leak information.
Well, once again (remember Instagram?), a security researcher proved that iOS is missing basic privacy protection mechanisms and that pretending to check apps to protect users is only an excuse to make money by taking a cut of the profit. Apple simply can’t control, in detail, what is in every app they release.
So this time, we have the LinkedIn app which is sending users’ calendar meetings to the LinkedIn servers without the user knowing about it… This can be especially dangerous when things such as conference call phone numbers and passcodes are stored in the event itself. Fortunately, there is a way to turn that feature off, by simply refusing to let LinkedIn show the calendars in the app itself.
But it doesn’t solve the big privacy issues plaguing iOS, a 5 year old OS which was never built to be secure, but to look smooth and to be very easy to use in order to kill Nokia’s Symbian. Apple has tried multiple times to implement enterprise features, but most attempts have failed as it’s simply not in Apple’s DNA to build a secure OS. SMEs and corporations usually have to rely on 3rd party solutions to try and make these devices usable in a business environment.