Why LinkedIn is a Malicious Mobile App

I was completely caught off guard while working on my laptop computer when LinkedIn displayed a list of my email contacts and innocently prompted me:

“We found 424 people you know on LinkedIn when you added your address book. Select the people you’d like to connect to.”

And there, before my eyes, were all my email address book contacts.

Whoa! What was this about? I never added my address book to LinkedIn. That’s one thing I would never do.

Life in the Transparent Lane

As a matter of professional hazard, I live my life rather transparently online. But there are some things I take some caution to not share. And one of those things is my contacts. For the same reason I don’t like to be robotically solicited to engage in someone else’s network, I don’t want to be the culprit that causes this pain to others. So I mind my contacts as best I can.

About a half hour of online sleuthing – also known as completely wasting my time – revealed a large network of people who had been caught in this LinkedIn scam. And they, like me were pretty pissed off.

At first I suspected that I had somehow slipped up and authorized Google to cough up my Gmail contacts. But this time Google (and I) were not guilty. Then began the search through my LinkedIn privacy settings. Astonishingly there was no information about contact importing. Ultimately after more research (read: wasting time) I was led to the LinkedIn app recently installed on my mobile device. And there it was…

Permissions? We Don’t Need No Stinkin’ Permissions

LinkedIn Mobile app seizes your contacts and imports them into its platform.

Under “Permissions” in the LinkedIn app is the innocuous authorization to “Read Your Contacts”. It is not an option. It is a condition of using the app. OK, so reading my contacts is one thing. But after highlighting this specific permission, the more onerous truth emerges and it reads,

“Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.”

Well, there it is. Ouch.

Now, to be fair, something I don’t really feel the need, LinkedIn only uses the information to suggest that I start sending out requests for connection. They’ve even done the heavy lifting of culling my list of several thousand contacts down to about 400 or so actual people who are on LinkedIn and with whom I haven’t already connected. And they ask for permission to extend my invitation to them. I can even customize my invite. How nice? No, not nice at all.

Bad LinkedIn. Bad. Bad. Bad.

LinkedIn: You’ve crossed the line. Your app is malicious. And I’m removing it from my mobile device. And worse, I trust you less. Which is too bad, because I’ve been rather high on LinkedIn lately. But now this. It’s wrong.

Next step: Remove those Damn Contacts

Another half hour of research brought me to the process for removing those contacts from LinkedIn. It wasn’t easy. But if you’ve been caught in this cesspool, here’s how to do it.

1) On LinkedIn, navigate to Connections > Add Connections and select “Manage imported contacts” in the upper right of the page
2) Check “Select All”, scroll to bottom of page & select the greyed out (!) “Delete selected contacts” and accept the double confirmation request
3) Repeat this process because LinkedIn won’t display all your contacts at once. For my 1100 imported contacts I had to do this repeatedly.

After repeating this incredibly time wasting process several times, LinkedIn will deliver an error message. They’re toying with you. And disrespecting you. At some point you will have to start selecting a shorter list of deletes. Begin to manually check names – perhaps 50 – 100 at a time. Keep at it. Eventually all your contacts will be deleted.

Dump the LinkedIn App

Delete the LinkedIn app from your mobile device. They behaved badly and they don’t deserve a place on your mobile device.

What Do You Think?

Have you been caught in this? Do you think LinkedIn should bust into your email contacts and import them to their platform? Maybe you think this is a valued service. Let me know.