LinkedIn’s Epic Security And Privacy Fail

LinkedIn released a new version of their iOS app a few days ago that includes a feature named Intro. It’s an interesting feature, integrating LinkedIn data into your emails. But the way they’re doing it is a spectacular fail. When you enable it, they add a profile to your iOS system that proxies all of your email through their servers. Yeah, they send your mail to them, scan it, modify it, then send it back. They claim it’s encrypted for privacy, but that’s a really lame claim, since they’ve got to decrypt it in order to scan it and inject their content into it. Do we really need to go over all the ways that this is a seriously bad idea? I’ll leave it up to the reader (all two or three of you, based on traffic stats) to decide whether or not you want a third party to have access to all of your electronic correspondence. It’s not like the NSA couldn’t put hooks in LinkedIn’s servers or anything.

I’ve deleted the app and won’t install it again. I’ve also checked my settings to make sure there are no additional profiles installed. If you want to see if it’s got its hooks installed, go to Settings->General->Profiles. If there are any LinkedIn profiles, delete them.
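If you have the profile file itself rather than just the Settings screen, the sketch below lists mail-server hostnames in a configuration profile that fall outside the domains you expect. It is an added example, not code from this post or from LinkedIn. It assumes an unsigned XML `.mobileconfig` (a signed one would need its CMS wrapper removed first), and the sample profile and hostnames are constructed.

```python
import plistlib

# PayloadType values Apple uses for mail (IMAP/POP) and Exchange ActiveSync accounts.
MAIL_PAYLOAD_TYPES = {"com.apple.mail.managed", "com.apple.eas.account"}
# Keys in those payloads that name the server the device will talk to.
HOST_KEYS = ("IncomingMailServerHostName", "OutgoingMailServerHostName", "Host")


def is_trusted(host, trusted_suffixes):
    """True if host equals, or is a subdomain of, one of the lowercase suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def audit_profile(data, trusted_suffixes):
    """Return (payload name, key, host) for every mail server outside trusted_suffixes."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") not in MAIL_PAYLOAD_TYPES:
            continue  # Wi-Fi, VPN, certificates etc. are out of scope here
        name = payload.get("PayloadDisplayName", payload.get("PayloadIdentifier", "?"))
        for key in HOST_KEYS:
            host = payload.get(key)
            if host and not is_trusted(host, trusted_suffixes):
                findings.append((name, key, host))
    return findings


# Constructed sample: inbound mail is pointed at a relay, outbound at the real provider.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Mail Helper",
    "PayloadContent": [
        {"PayloadType": "com.apple.mail.managed",
         "PayloadDisplayName": "Mail via relay",
         "EmailAccountType": "EmailTypeIMAP",
         "IncomingMailServerHostName": "imap.relay.example.net",
         "OutgoingMailServerHostName": "smtp.mail.example.com"},
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadDisplayName": "Office Wi-Fi", "SSID_STR": "office"},
    ],
})

if __name__ == "__main__":
    for name, key, host in audit_profile(SAMPLE_PROFILE, ["mail.example.com"]):
        print(f"{name}: {key} -> {host} is not one of your provider's servers")
```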

Here is a link to their official uninstall instructions.