LinkedIn Attempts to Quell Intro Security Fears

Source: LinkedIn.

LinkedIn (LNKD.DL) introduced its new Intro feature last week, bringing LinkedIn profiles directly into an iOS user's mail app. It was supposed to be a way to add email contacts to the LinkedIn network and learn more about potential connections, but the feature sparked a firestorm from security firms.

LinkedIn stresses the app is secure, but can investors be confident the company is making the right mobile moves?

Much ado about something
LinkedIn received backlash from security professionals because of how Intro works -- essentially routing a user's emails to a LinkedIn server, adding information, then sending it back out.

In a blog post this week, the company's information security manager, Cory Scott, said when Intro was being designed the company, "Made sure we built the most secure implementation we believed possible."

He went on to list a number of security parameters for Intro, including:

• Having security consultants iSEC Partners perform a line-by-line code review
• Implemention of SSL/TLS at each point of email flow
• Encrypted data is deleted from LinkedIn's systems
• Intro doesn't change any device security profiles, but rather adds an email account to the system that communicates with Intro

That all sounds good, but it may not be enough to change the minds of security firms and users -- and investors should take note of that. 

Intro to mobile  
First, it's important to note that LinkedIn is in the middle of pushing its mobile offerings even further, and Intro is a result of that. In concept, the feature is an inventive way to engage users and seamlessly tap into a user's email and try to grab more mobile usage from it.

But LinkedIn may have unsuspectingly stepped into the mire of Internet security uncertainty.

Last year, LinkedIn suffered a security breach resulting in 6.5 million users having their passwords stolen. But as bad as that was, it's a bit unfair to only point to LinkedIn's security breach without acknowledging that a massive amount of companies that collect secure data online have suffered their own breaches. Facebook, Buffer, Twitter, Microsoft, Adobe, Apple, and many others have been and will continue to be compromised.

The problem for LinkedIn then isn't that Intro data could be stolen, but rather that some security professionals believe the company has made it easier for malicious people to do so.

Though it's still too early to tell the fate of Intro, if security firms aren't satisfied with LinkedIn's statement, or test the feature for themselves and find additional security problems with it, then Intro could fall into obscurity.

That would be bad for LinkedIn, considering the company is trying to tap new ways of getting more mobile engagement. Nearly 40 % of its unique visitors now come from mobile, and those users are 2.5 times more active than its desktop users. LinkedIn wants to grow those users so it can raise mobile revenues, and Intro is expected to be an integral part of that. But if users are already scared by real or perceived threats to their security, it may be easier to simply not add the feature to their iOS devices. LinkedIn investors should be encouraged that the company is trying to increase mobile engagement through ideas like Intro, but also understand the new feature may be asking too much of users, and could actually be pushing them away.