Presidential primary election apps may expose sensitive data

Did you know that there are over 1,200 Android apps, both official and unofficial, that help voters keep track of the happenings in the US presidential primary? Better yet, did you know that over 50 percent of them can expose sensitive user data?

We’re talking about account details, location, list of installed apps, device info, unique IMSI number, settings, your phone number – collected by the apps and sent to remote servers, often over unsecured connections.

These results come from research made into these apps by Symantec researchers, who habe noticed a considerable increase in the number of presidential primary apps installed on mobile devices in the last half year.

Nearly 40 percent of the election apps want to know which other apps users have installed on their devices, 31 percent of them want to know details about the device itself, and 11 percent the device’s (i.e. the user’s) current location.

Finally, some of the apps look for the user’s phone number and account details (2 percent and 1 percent, respectively).

“Downloading election apps may be a quick way to surrender your sensitive data to unwanted eavesdroppers, especially if you use unsecured ​​Wi-Fi or automatically connect to public Wi-Fi hotspots,” the researchers noted. And even officially released apps can put sensitive information at risk:

Official election apps expose sensitive data

It’s natural and commendable that citizens are interested in politics and want to follow the progress of the primaries and/or their preferred presidential contenders, but they should also be careful about the apps they install on their devices.

“Only install apps from trusted sources and pay close attention to permissions apps may be requesting,” the researchers advise. “If an app is asking for more information than you’re comfortable sharing, it might be a sign to run the other way. Think of what the purpose of the app is, and only provide information that is necessary for the app to serve its function.”

Really, when you think about it, why should these apps ever be allowed to collect information about other apps you have installed on your mobile device? Or your account information?




Share this