LinkedIn Introduces Insecurity ⇥ bishopfox.com

On Wednesday, LinkedIn introduced a product called Intro, which adds a LinkedIn profile directly in the default iOS Mail app. Impossible, right?

Not exactly. It moves all of your email accounts through a proxy which LinkedIn controls. The proxy injects the LinkedIn profile card, and sends it to the default Mail client. Installing it is made possible by way of an iOS configuration profile. Clever, right?

Bishop Fox:

Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to… whatever they feel like.

Ominous undertones aside, this is potentially disastrous for all of the reasons that Bishop Fox lists: it’s creepy that LinkedIn stores all your email, their privacy policy is vague, and in the wake of the potpourri of NSA revelations, it’s probably not advisable. I’ll add one more, though: LinkedIn has a poor history when it comes to email. Their notifications are spammy, often irrelevant, and difficult to opt out of. Why would I want them going anywhere near my email?