Published April 26, 2016
As the Republican presidential contenders battle over who can best protect America, at least two candidates are having trouble protecting potential voters’ personal information on their campaign apps.
The official apps for GOP candidates Sen. Ted Cruz and Gov. John Kasich have come under scrutiny after a Monday report from cybersecurity firm Symantec found users’ data was improperly secured and vulnerable to hackers.
The official campaign apps for Republican front-runner Donald Trump and Democratic rivals Hillary Clinton and Sen. Bernie Sanders were not mentioned in the report as having issues.
Symantec's analysis used a test that collects unencrypted personal data being transmitted from phones running the campaigns' apps.
"The data may be going to a legitimate destination, but it could be intercepted by someone intercepting the traffic," Symantec engineer Shaun Aimoto said.
Cruz data director Chris Wilson on Monday denied the campaign's app leaks data.
"If Symantec had looked more carefully, they would see that the app requests the device info but this info is never sent anywhere," Wilson said. "The Cruz Crew app is the most secure, popular and effective app of any 2016 presidential candidate."
Kasich spokesman Rob Nichols declined to comment.
But Monday’s report was not the first time the Cruz or Kasich apps have come under the microscope.
An independent review commissioned by the Associated Press in March from computer-security firm Veracode found the “Cruz Crew” app had poor code practices and used weak encryption, making users’ personal data potentially susceptible to hackers. The Symantec report, however, did not list any instance where an app was hacked.
The Cruz app collected user data tracking physical movements and harvesting phone contacts that it then fed into a vast database used by the Cruz campaign to build psychological profiles for voter targeting, the AP reported.
The Cruz team has since updated its mobile app to address the vulnerabilities.
The app for Kasich’s campaign contained a serious issue that could allow a hacker to potentially manipulate campaign info, the March Veracode review found. But Nichols said at the time that the Kasich camp’s own review did not find the Veracode analysis credible.
“Your firm doesn’t understand our product,” Nichols said. “They don’t know what they don’t know.”
The Associated Press contributed to this report.