Last week the social networking site LinkedIn rolled out the LinkedIn Intro platform for iOS devices. Shortly after the launch of the Intro feature, LinkedIn came under heavy criticism from security experts over the technology, which adds LinkedIn profile data to the iOS email client.
LinkedIn Defends Intro on Its Blog
Responding to security concerns that the Intro service it launched last week may serve as a gateway for hackers, LinkedIn published a blog post on Saturday. The post defends the new Intro feature, asserting that much of the criticism of Intro is incorrect and purely speculative.
Cory Scott, LinkedIn's senior manager for Information Security, wrote the blog post defending the Intro feature. He presented more details and responded to the “inaccuracies and misperceptions” about the new service. “I understand that healthy scepticism and speculation towards worst-case scenarios are an important part of the security discipline; however we felt in this case, it was necessary to correct the misperceptions,” Scott wrote. Scott added that the company closely examined the core design of Intro before introducing the service, as it was well aware of the security concerns that users have. He said the team studied the possible threats to create the most secure implementation and ensured that the best possible implementation of security standards was followed.
Intro is a new service integrated into the iPhone Mail app that allows users to see LinkedIn profile information when receiving emails. The user not only receives the email but can also view the sender's profile picture and learn about his or her background, job title, education history, contact information and mutual contacts. The service pulls this information from the profiles of LinkedIn's more than 238 million users, so that the user receiving an email can learn more about the sender.
LinkedIn's security team engaged iSEC Partners, a well-respected security firm, to perform a line-by-line code review of the credential handling, secure systems development, security education and software design verification. The company undertook the move to ensure that email does not remain on its servers. The security team also used SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to secure e-mail in transit between the company server and the proxy servers. Once the e-mail is delivered to the user's address, the system automatically erases any traces of it on the server to stop others from reading or recovering it.