How Obama's and Romney's Smartphone Apps Invade Your Privacy
CREDIT: Obama: Chuck Kennedy/White House; Romney: Gage Skidmore/Creative Commons
The presidential election season is winding down (and the nation sighs with relief), but the campaigns of President Barack Obama and Gov. Mitt Romney are moving into overdrive, getting the final words out before Election Day.
Modern technology has played a huge role in this year’s campaigns, with the candidates turning to social media, Web videos and text messaging.
For the most serious political wonks and candidate enthusiasts, though, the handiest pieces of technology are the official smartphone apps released by both the Romney and Obama campaigns.
Unfortunately, cybersecurity hasn't been a campaign-trail issue. If it had been, both Obama and Romney could have turned to their own phone apps as prime examples of security risks.
According to Domingo Guerra, president and co-found of Appthority in San Francisco, the candidates' apps for both iOS and Android platforms track users and communicate with external sources, such as ad networks.
"Mitt Romney’s app for iOS can access [iPhone] contact lists and calendar information," Guerra said. "Barack Obama’s app for iOS can identify device type and send out data without encryption, making it possible for some data transmitted by the app to be intercepted."
Guerra added that the apps also can access user accounts on a number of different websites, including Facebook, Twitter and Google Maps.
What these apps reveal and access is likely a lot more than the user bargained for when he or she downloaded them. However, it does not appear that financial information is at risk, even though the campaign apps make it easy to donate money.
Defusing the risks
The best way to protect your personal information might be to avoid using a campaign app at all, Guerra said. But if you do choose to use an app, he advised denying the app access to GPS location tracking and to contact lists.
"In general, we believe that the Obama and Romney apps are safe and reasonably designed from the security and privacy perspective," Guerra said.
"While they do have access to information such as the contact book, and do transmit some data over HTTP and not over SSL, they do not appear to carry out clearly undesirable activities," he added. "The apps are okay as they don't put user-related information at significant risk."
Users will want to take a lot more caution when downloading unofficial candidate-related apps created by third parties. Anti-virus firm Trend Micro found four Android apps that secretly serve up adware — marginally malicious software that overrides legitimate paid ads — and track the user.
Whenever you download an app, do it from the official Apple or Android app store, not a website. If you've got an Android phones, make sure it's got security software installed that will scan the app for possible malware or bugs.
And remember — as of Nov. 7, these apps will be obsolete.