Do LinkedIn smartphone apps harvest contact data from Gmail?

Is anyone else irritated by the way LinkedIn appears to harvest email addresses in an attempt to persuade you to transform correspondents into LinkedIn contacts? I’ve often wondered where LinkedIn got its information about people that I might like to contact but things came to a head yesterday when it suggested that I should make my mother a contact. She’s certainly a great personal contact, but a 79-year old woman hardly rates as a suitable professional contact.

So I began poking around to find out where some of these contact suggestions originate. I know that I have never allowed LinkedIn access to my Office 365 or Gmail accounts, so LinkedIn should not be rummaging through my email to uncover potential contacts. At least, I’m positive that I have never allowed the browser application to browse my personal data.

But the sheer number of suggestions generated by LinkedIn’s “People you may know” feature that are people with whom I have exchanged email, maybe only once or twice, makes me very suspicious that LinkedIn is getting at the data somehow. Right now I’m looking at five or six suggestions for people whom I last send email to in 2009 when we shared a common interest (rugby) in the Bay Area. Those messages are in my Gmail account but I have never looked at them in the last five years nor have I contacted those people by phone, Twitter, Facebook, or any other of the mechanisms that are now available.

In a certain bizarre way, it’s nice that LinkedIn cares enough about me to dig up elements of my past in an earnest attempt to build out my professional network. I imagine that a huge amount of programming effort has been expended to create efficient harvesting algorithms that are capable of making sense from the huge amount of email addresses and other personal data that accumulates in email accounts. On the other hand, it’s kind of creepy that LinkedIn is examining old messages to extract its suggestions.

I don’t pay LinkedIn for its service as I have never seen the need to cough up for an enhanced subscription and I realize that we enter into a certain “compact with the devil” when signing up for cloud-based services where you provide data and the service basically makes whatever use of the data that they can. It is, after all, the way that Gmail operates – Google provides the email service, you generate messages, and Google uses the content to decide what ads are displayed.

Getting back to the original question, I do not know how LinkedIn determined that my mother and old correspondents are suitable contact candidates. Some web searches reveal that I’m not the only one who is concerned about the same issue, which led me to this thread on the LinkedIn community support site. One of the contributions speculate that it must be the LinkedIn phone app that is the culprit and the theory makes sense when you think about it.

I use the LinkedIn phone app on my Nokia 1020 Windows phone (similar apps are available for the iPhone and Android). It’s not the greatest app in the world and it exhibits some annoying bugs at times so I don’t use it often. Nevertheless, I installed the app and clicked through the warnings that told me that the application required access to various data, including contacts. This seems to be the source of the suggested contacts – the LinkedIn phone app has access to the contact data on the phone and is able (because I said so) to use that data. I didn’t anticipate that the data would be used by the browser app too, but that’s probably down to my own ineptitude.

To be fair to LinkedIn, I removed the app from my phone and then reinstalled it from the Windows Store to see what warnings are displayed.

The data that the LinkedIn Windows Phone app can access

The data that the LinkedIn Windows Phone app can access

No attempt is made to conceal the fact that the LinkedIn application is allowed to access contact data (above). Once you install the application, it informs you that your contacts are indeed safe with LinkedIn and then proceeds to offer to import your address book to LinkedIn in order to suggest connections (below).

LinkedIn offers to import your address book

LinkedIn offers to import your address book

Notice the relative size of the “continue” (to import the address book) and “skip” (to decline the opportunity) buttons. Guess which one is more likely to be clicked by the unwary user.

I’m not saying that importing contacts to suggest connections is a useless or underhand feature because it is obviously not. I am sure that many people extract great value from this feature. For instance, someone who is new to LinkedIn can use their address book as the basis to build out their LinkedIn professional network.

Having some 1,350 LinkedIn contacts already (many of which I can’t remember why we connected), I never felt that using my email contacts was a good way to suggest even more connections, so I didn’t use this feature. But LinkedIn still has access to my contacts and seems to use a pretty liberal interpretation of what a contact is.

Take the rugby contacts from 2009 mentioned above – these people send me email and I replied to it using Gmail. However, I never made them email contacts in the way that I understand a contact to be (an email address that you want to remember and associate with an individual because you correspond with them on a regular basis). Nor do these email addresses show up in the Windows Phone “People” hub, so not even the phone that the app runs on considers them as “contacts.”

It seems likely that the LinkedIn smartphone app harvests email addresses that it finds in Gmail accounts that are known to the devices on which it runs and feeds them back to LinkedIn where the addresses can be used as potential suggestions. It doesn’t seem to do the same with my Office 365 contacts but might access other email systems for the same purpose. The iPhone and Android variants of the LinkedIn app might behave differently too.

I’ve been trying to figure out how Gmail correspondents become LinkedIn suggested connections for some time and can’t come up with a better theory. Maybe you can…

Follow Tony @12Knocksinna


About Tony Redmond

Lead author for the Office 365 for IT Pros eBook and writer about all aspects of the Office 365 ecosystem.
This entry was posted in Email and tagged , , , , , . Bookmark the permalink.

5 Responses to Do LinkedIn smartphone apps harvest contact data from Gmail?

  1. Ai says:

    Hi Tony,

    I had some similar thoughts recently as I saw a suggested contact proposed that I know I have not got stored in any address book that is online or even offline. The contact in question was someone I had worked with for a week or two on a project in France many years ago and who I noted as occasionally sending out adverts/change of address emails thus denoting my address still being in their address book.

    Just in case, I searched everything from Hotmail to offline PST based address books, not one instance of their email address or name.

    So, is is possible that LinkedIn is taking the contact list that someone else loads, checking if your address is in their database and then suggesting a reverse contact link-up to reconnect you with someone you once were in contact with?

    It was the only way I could see it working for my example. Could lead to some interesting suggestions..


  2. Graham Pye says:

    I’m seeing the same behaviour from LinkedIn, and I don’t use the mobile app, so there must be some other piece of cleverness at work. I wondered if being on the LinkedIn web page whilst simultaneously having Outlook open on my (Windows) PC was enough for some code from the web page to dig through my Outlook files? OTOH, I do use Gmail (mostly via IMAP) so perhaps LinkedIn has some other way of getting at your mailbox…

  3. Hi Graham, I can’t see how a web page would be able to get at Outlook data unless it is exploiting some sort of back door into Outlook (always possible, I guess). However, wouldn’t a discovery of something like that mean that LinkedIn would lay itself open to all sorts of trouble. I think it’s more likely that users click on terms and conditions without fully understanding what some of the T&Cs mean in practice…

    • Graham Pye says:

      If I was using IE as my browser, then there could be the possibility of an ActiveX add-on doing an OLE (or whatever, I’ve forgotten the terminology now!) connection to Outlook. But I’m using FireFox, not IE, and I don’t have any such add-ons anyway, or at least I don’t think I have!
      I don’t have any contacts in my Gmail account, only in my Outlook PAB. So either LinkedIn is reading my mail on the Gmail server, or by accessing Outlook on my PC…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.