Obama and Romney election apps suck up personal data, research finds

Intrusive access

Millions of US voters could be downloading smartphone apps created to promote the campaigns of President Obama and his Republican election rival Mitt Romney without noticing the intrusive permissions demanded by the software, GFI Software has reported.

Looking at the 'Obama for America' and 'Mitt's VP' apps for Android and iOS, the company uncovered a surprising volume of information users will be giving up to the candidate's campaign databases on themselves and even their friends and families.

Romney's app asks not only for a person's name, address and home phone number to create a 'MyMitt' account, but (failing that) a connection to Facebook able to collect data there, including on friends.

It also notices a user's device ID, mobile number, carrier, GPS and cell locations and warns them they might be added to the Romney campaign's contact list, presumably for priority telephone canvassing. It even asks for permission to access the smartphone's camera and audio recording, although this isn't used by the app.

The Obama for America app is similarly nosy, asking for cell and GPS location data, as well as access the smartphone's contact book and call logs and SD Card contents.

Controversially, the app was reported last week to offer users information on nearby registered voters, including first name and last name initial and even home address.

It then encourages downloaders to visit these people to campaign on behalf for President Obama's re-election, supplying canvassing tips on arguments to use on door-stopping trips.

"When checking out this particular feature, it [the app] told me to go canvassing in part of town locally known for a higher crime rate. Users should be aware of their surroundings in any area they visit regardless of what a mobile app tells them," notes GFI Software threat researcher, Randall Griffith.

The ostensible purpose of both apps is different; Obama's is a straight canvassing tool for use in swing states while Romney's was supposed to be a way for supporters to hear news of his chosen vice-presidential candidate.

Both are also information-gathering systems that might feed data into a future generation of more powerful and equally intrusive apps. Hopefully, by that time, voters will be more aware of what they are getting themselves into when they agree to install such software.

Last week, security company Barracuda noticed that Mitt Romney's Twitter account had received a suspiciously large boost to its numbers in a matter of days in late July, a movement it ascribed to the ceration of large numbers of bogus accounts.

Copyright © 2012 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.