A bug in Democratic presidential candidate Joe Biden’s official campaign app has exposed the personal information of millions of Americans. The campaign app, Vote Joe, allows the users to sync their phone’s contact list with the software to see if the family and friends have registered to vote in the upcoming presidential election. In this article at Techcrunch, Zack Whittaker explains how the bug in the campaign app made it too easy to access voter information.
The Cause of Security Lapse
The app displays the person’s name, birth date, approximate age, and recent elections they voted in. The app uploads and voter data is supplied from TargetSmart, a political marketing firm that claims to have information on more than 191 million Americans.
The idea behind this initiative is to use the feature to leverage people’s existing network in support of their candidate. However, the App Analyst, a mobile expert, found that they could trick the app into pulling the users’ personal information by merely creating a contact in their phone with that person’s full name. Moreover, the App Analyst found that the app pulls in detailed data such as gender, ethnicity, voter’s home address, and users’ political party affiliation.
TargetSmart reported that the bug occurred due to a coding error by a progressive app developer, and a limited amount of publicly or commercially available data was accessible to other users. Further, the app developers said that the bug was fixed when they rolled out an update for the app.
This Isn’t the First Time
TargetSmart was involved in a security lapse earlier too. In 2017, a cache of nearly every registered voter in Alaska, totaling approximately 600,000 individuals, was exposed through a server misconfiguration by a third-party firm that had access to the data. In 2018, nearly 15 million records on Texas voters were exposed, just months ahead of the US midterm elections.
“… several security lapses involving these vast banks of data have questioned whether political firms can keep this data safe,” says Zack.
To read the original article, click on https://techcrunch.com/2020/09/14/biden-app-voter-files/.