Security researchers are calling LinkedIn’s new mobile app, Intro, a dream come true for hackers or intelligence agencies.
“I’m flabbergasted by this,” Richard Bejtlich, the chief research officer at the computer security company Mandiant, said in an interview on Wednesday. “I can’t believe someone thought this was a good idea.”
Intro is an e-mail plug-in for iOS users that pulls LinkedIn profile information into e-mails so that the sender’s job title appears front-and-center in e-mails on a user’s iPhone or iPad.
Some bloggers have hailed it as a smart play by LinkedIn to get more mobile action and to get users to stop thinking of the service as a static Web site they go to every couple of years to update their employment status.
But security researchers have taken issue with the way the app works. Intro redirects e-mail traffic to and from users’ iPhones and iPads through LinkedIn’s servers, then analyzes and scrapes those e-mails for relevant data and adds pertinent LinkedIn details.