Ted Cruz knows where you live – if you downloaded his app

Many US presidential primary apps gather users’ personal information and leave their sensitive data vulnerable to attackers, security researchers at Symantec warn.

Data exchanged through many of the apps can be intercepted by attackers and shared with third parties because of weak security practices.

Symantec analysed the official mobile app behaviours of top primary candidates, as well as popular unaffiliated apps, using its Norton Mobile Security with Norton Mobile Insight tools. More than half the 1,200 presidential-primary-related Android apps* tested exposed sensitive data.

Amongst the popular primary election apps — those with more than one million downloads — nearly 25 per cent were found to be exposing sensitive data.

The most frequent types of data exposed include account details (email address and social media profile names), device phone number, GPS coordinates, and more.

Even official apps, such as those of John Kasich and Ted Cruz, may expose sensitive data. In the case of the official John Kasich 2016 mobile app, every app installed on a device and the user’s location may be exposed. In the case of the official Ted Cruz "Cruz Crew" app, mobile device details and unique IMSI identification were exposed.

More details on the leaky US election apps can be found in a blog post by Symantec here.

Earlier research by the Online Trust Alliance, published last September, revealed that the majority of then US presidential candidates' websites failed a basic privacy and security audit. Sites that failed the audit included the two front-runners: Hillary Clinton (Dem.) and Donald Trump (Rep.). ®

Bootnote

* Donald Trump has been the focus of much interest, dominating all candidates with 75 per cent of presidential primary apps categorized under his name.