LinkedIn Intro’s security nightmare →
Bishop Fox:
Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like.
LinkedIn is offering to take control of iOS devices via MDM security profile to set themselves as a rewriting-proxy email server under the guise of a cool new feature that millions of people will probably install. Technically, you could argue that this is opt-in, but it has massive security ramifications beyond what users should be expected to predict or understand.
Apple better already be paying attention to this. While it’s within the technical capability of iOS MDM profiles, it’s almost certainly violating the spirit of any common-sense rules or standards. Apple probably has enough of a relationship with LinkedIn, and enough power with the App Store, to wield a big stick and eliminate Intro without any technical changes to the profile system.
But what happens when using profiles for non-security, non-enterprise features becomes widespread? Won’t Google, Facebook, Twitter, and just about every social or ad-supported service want the same access to make it easier to mine your private data, spam your contacts, and evade App Store restrictions? It won’t be hard for the big services to come up with compelling features and friendly messaging to get millions of people to install their profiles, too.
And isn’t this a huge malware risk?
Apple needs a generalized solution to this problem quickly. The big question is whether they can do anything substantial about the profile system without causing issues for legitimate enterprise use¹ — I don’t know enough about it to say.
-
TestFlight uses an MDM profile to automatically gather UDIDs and force-install that stupid web-clip icon on your home screen. I don’t believe this is worth the security risk of having so much access to my phone — I don’t trust them to always use this power responsibly, no matter how many free T-shirts and burritos they give out at WWDC — so I’ve deleted it.
If that means I can’t beta-test apps using TestFlight anymore, that’s fine — that’s not really my problem. I’ve tested lots of apps distributed via Hockey that didn’t require me to install a security profile.
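The two profiles discussed above (Intro's, which points the Mail accounts at a third party's IMAP and SMTP servers, and TestFlight's, which plants a web clip) are both ordinary iOS configuration profiles: XML property lists whose PayloadContent array carries one payload per change made to the device. The script below is an added example, not code from the original post or from LinkedIn, Bishop Fox or Apple. It reads a .mobileconfig with the standard-library plistlib module and reports what the profile would do: which mail accounts it creates and which hosts they send and receive through, which web clips it adds and whether they can be removed, and whether the profile itself locks against removal. The payload types and keys (com.apple.mail.managed, com.apple.webClip.managed, IncomingMailServerHostName, OutgoingMailServerHostName, IsRemovable, PayloadRemovalDisallowed) are Apple's documented profile keys; the sample profile, its hostnames and the audit_profile function are constructed here for illustration and do not reproduce either real profile.

```python
import plistlib

# Constructed sample profile for illustration only. It is not LinkedIn's or
# TestFlight's actual profile; hostnames and identifiers are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.mail-feature</string>
  <key>PayloadDisplayName</key><string>Example Mail Feature</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mail.managed</string>
      <key>PayloadIdentifier</key><string>com.example.mail-feature.mail</string>
      <key>EmailAccountType</key><string>EmailTypeIMAP</string>
      <key>EmailAddress</key><string>alice@example.com</string>
      <key>IncomingMailServerHostName</key><string>imap-proxy.example-social.test</string>
      <key>IncomingMailServerUsername</key><string>alice@example.com</string>
      <key>OutgoingMailServerHostName</key><string>smtp-proxy.example-social.test</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadIdentifier</key><string>com.example.mail-feature.clip</string>
      <key>Label</key><string>Beta Apps</string>
      <key>URL</key><string>https://beta.example-social.test/</string>
      <key>IsRemovable</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""


def _is_trusted(host, trusted_domains):
    """True if host is one of the trusted domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def audit_profile(data, trusted_mail_domains):
    """Summarize what a configuration profile would change on the device.

    data: raw bytes of a .mobileconfig (XML or binary plist).
    trusted_mail_domains: domains the user's mail is expected to go through;
    any mail payload pointing elsewhere is reported as a finding.
    """
    profile = plistlib.loads(data)
    report = {
        "identifier": profile.get("PayloadIdentifier"),
        "removal_disallowed": bool(profile.get("PayloadRemovalDisallowed", False)),
        "mail_accounts": [],
        "web_clips": [],
        "other_payloads": [],
        "findings": [],
    }
    if report["removal_disallowed"]:
        report["findings"].append("profile cannot be removed by the user")

    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.mail.managed":
            account = {
                "address": payload.get("EmailAddress"),
                "incoming": payload.get("IncomingMailServerHostName", ""),
                "outgoing": payload.get("OutgoingMailServerHostName", ""),
            }
            report["mail_accounts"].append(account)
            # Each mail direction is checked separately: a profile can leave
            # receiving alone and still reroute everything the user sends.
            for role in ("incoming", "outgoing"):
                host = account[role]
                if host and not _is_trusted(host, trusted_mail_domains):
                    report["findings"].append(
                        f"{role} mail for {account['address']} routed via untrusted host {host}"
                    )
        elif ptype == "com.apple.webClip.managed":
            clip = {
                "label": payload.get("Label"),
                "url": payload.get("URL"),
                "removable": bool(payload.get("IsRemovable", True)),
            }
            report["web_clips"].append(clip)
            if not clip["removable"]:
                report["findings"].append(f"web clip '{clip['label']}' cannot be removed from the home screen")
        else:
            # Anything else (VPN, certificates, restrictions...) is listed so the
            # reviewer at least sees that it is there.
            report["other_payloads"].append(ptype)
    return report


if __name__ == "__main__":
    result = audit_profile(SAMPLE_PROFILE, ["example.com"])
    for line in result["findings"]:
        print("finding:", line)
```

Run against a profile saved from Settings or from a download, with the domains your mail provider actually uses in the trusted list; anything in "findings" is a change the profile makes beyond the feature it advertises.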
¹ You can delete any unnecessary profiles from your iOS device in Settings, General, Profiles. ↩︎