The researchers, Yair Amit and Adi Sharabani, discovered that LinkedIn’s mobile app for iOS, Apple’s mobile operating system, included an opt-in feature that allows users to view their iOS calendar entries within the app. Once users opt in to that feature, however, LinkedIn automatically transmits their calendar entries to its servers. LinkedIn grabs details for every calendar on the iOS device, which may include both personal and corporate calendar entries.
And a bit later:
She did not clarify why LinkedIn transmits calendar information to its servers.
This is shady of LinkedIn, but two things strike me about this. It’s opt-in, so the privacy busting feature is off by default — that’s not an excuse, but it makes this entire thing slightly less offensive to me. Basically LinkedIn asks to access your calendar and the user grants it.
The shady part is not that the app gets access to all of this, but that all that calendar data is sent back to LinkedIn servers. This, however, is a failing on Apple’s part.
This is the very thing that the App Store was made to protect users from: shady companies, doing shady stuff with your personal data.
LinkedIn = shady company. Sending calendar data to remote servers = shady stuff. Calendar data = personal data.
We already know LinkedIn is a SPAM king, so what would you expect from them? Nothing less than this.
In my view, the failing here is on Apple.