iOS Users: Are your LinkedIn login credentials safe?
iPhone and iPad users may be shocked to learn that despite the security provided by iOS, they may be unwittingly providing their LinkedIn email and password to third parties, ‘phishing’ for their details. As many people use the same email/password combination on a variety of websites and services, a smart attacker would not use that information to hijack your LinkedIn account – but to try using those login details for other websites where they can steal your funds or find personal information which could be used to blackmail you.
The tip of the iOS security iceberg
“We may share personal information we collect with our trusted business partners. We also will share personal information with service providers that perform services on our behalf.”
…while placing the burden of figuring out which personal information it is collecting on the user.
“Depending on how you interact with Glassdoor, the personal information we collect from you may vary. … Because we request this information directly, it will be clear what types of personal information we are collecting.”
While their website uses the appropriate referrals to the social media sources for authentication, the app uses its own interface, which makes it pretty clear they reserve the right to collect and share your credentials for LinkedIn, DropBox, and Google.
Altogether this seems in stark contrast to the supposedly comprehensive iOS security Apple offers from personal data collection and dissemination found where apps that access contacts, email, geolocation or built in Facebook and Twitter permissions explicitly ask your permission on a case-by-case basis, and such a contrast in my experience causes a widespread false sense of security where third party apps are concerned. And this isn’t the first time LinkedIn and other related enterprises have been criticized for their privacy failings.
John O’Mara develops apps for iOS and has a personal interest in it’s security.