Naked Security

LinkedIn app’s oversharing via Bluetooth sparks alarm

LinkedIn said it was working on a fix for the issue - but it's always a good idea to keep an eye on what you might be sharing via Bluetooth

Geez, LinkedIn, you are one pushy app! If you’re not spamming users’ contacts (and getting sued for it), you’re pawing our Bluetooth – even after we thought you’d gone home for the night!

News of LinkedIn’s latest market-the-beejezus-out-of-us stunt came on Thursday, when security researcher Rik Ferguson spotted a proclamation from LinkedIn about wanting to make data available to nearby Bluetooth devices, “even when you’re not using the app”.

Ferguson tweeted a screenshot of the mobile app change notification, accompanying it with a “You want to do WHAT?!” message:

Ferguson said that the pop-up sprang up following an update that billed itself as only offering “general bug fixes and performance improvements”.

According to people who responded to his thread, both iOS and Android users were replicating the message. That’s in spite of LinkedIn’s claim, in a statement sent to the Register, that the prompt was sent out in error, to just a handful of iOS users:

In order to help our members more easily connect with one another, we’re exploring an opt-in “find nearby” feature that will help them find other members nearby.

This will be an opt-in experience and members will have control of when their location is used for this feature. A prompt to enable Bluetooth on our iOS mobile app went out in error to a small group of LinkedIn members. We are working on a fix immediately and we apologise for any confusion.

A small group, eh? An “error”, you say? Ferguson said that that fish didn’t smell quite right:

Plenty of people on Twitter were able to replicate and I replicated it on three phones all running 9.1.25 of the app. … as if by magic, it looks like 9.1.26 came out this morning.

Should we care that LinkedIn, which did say it was working on a fix for the issue, wants to let us see other Linkees nearby? It is, after all, opt-in. The business networking app says it’s all about getting in more elbow rubbing when we’re at a conference, for example, or out getting some grub at the pub.

Opt-in or no, we’re always a bit leery of always-on Bluetooth, or near-field communication (NFC), for that matter. They’re great for connectivity, enabling us to use accessories such as wireless keyboards and headsets, or to make payments with a wave of our smartphones.

But they do open a door to your device and to your data, so we recommend either switching such features off or putting your device into “not discoverable” mode whenever possible.

Also, be careful when pairing: never accept requests from unknown devices.

You might want to check out our 10 tips to secure your smartphone, or our practical advice for handling smartphones in the workplace.

Oh, and LinkedIn? It’s great that you mea-culpa’ed your ham-handed “I will schmooze via Bluetooth even when I’m not running” message. After all, some of us were interpreting that message in a very UnLinkMe way:


I can’t make a better line than your last one :)
“@rik_ferguson All I read is “LinkedIn would like to be uninstalled from your device”
— Matteo Bertello (@Corralx) April 20, 2017”


Well, considering LinkedIn is a joke and used for sexual affairs more than anything else, does this surprise anyone?

The only surprise should be that anyone installs the iOS or Android app in the first place? I don’t understand why this would make sense… people are far too app happy.

What has LinkedIn done for you besides stroke your e-pen*s that you have connections to “people” you will never talk to…

