I am not sure whether this is a surprise or not.
The apps for both Biden and Trump are not secure. Does that come as a surprise to you?
Let’s start with Biden’s App.
Biden’s iOS app did not even validate the email addresses, so anyone, say in North Korea, can download and abuse the app.
They take your contact information and merge it with information from TargetSmart’s VoterBase, using your data to enrich their profile of 250 million consumers. While some of the fields are not exposed in the user interface, they are available to anyone reverse engineering the app. The starting data is public voter-roll data, but where it becomes valuable is when they can add your information (where “your” means thousands or millions of downloads) to their database.
Of course, a bad actor could download the app and corrupt the database with millions of compromised contacts.
When the researchers notified Joe’s team, they fixed the flaws (whatever that means) almost immediately.
Now let’s move on to Trump’s app.
Their first problem was a little worse. They exposed hardcoded secret security keys to their Twitter and Google accounts.
In addition, Don’s app learned a lesson from TikTok. They are scraping every piece of user data off the phone that they can find. I think he called that a national security threat when TikTok did that.
In a very smart move (and perfectly legal), Trump’s app turns raising money for the campaign into a game. People get points for raising money and could wind up on a leaderboard if they raise enough money OR if they get their friends to install the app.
In both cases, the exposure comes from taking public data and, as the data scientists call it, “enriching it” with non-public data, such as data collected by friends, or polluting it with data collected by foes. It appears that it may be possible for folks to steal some of that enriched data.
The exposed security keys are a different story, of course. That is just a problem.
It just shows that political apps are not any more secure than any other app. Which should not be much of a surprise, but means users should not let their guard down.
No politician wants to spend money on tech, although every politician uses tech. In fact, these days, tech is critical, but so is cost containment.
It also points out that politics, these days, is all about the data, and both the red team and the blue team are trying their best to collect the most data while at the same time hoping that no one will corrupt their data, either maliciously or accidentally. Or complain about their practices.

Credit: Bleeping Computer