15 September 2020 17:04 IST

Any user can sign up without email or address verification. The app does not prevent non-Americans from accessing it, noted The App Analyst, a mobile security firm.

US presidential candidate Joe Biden’s election campaign app allowed users to sign up with an unverified email address and access voter data compiled by a third-party service provider that claims to have more than 191 million voter records, a mobile security firm found.

The app, named “Vote Joe App”, is the official application of Biden’s campaign and has been designed as a tool to engage with voters.

Once a user signs up, they can access sensitive voter information from the database in the app and sync contacts in their phones to the database in the app, creating new contacts in the database. They can also send canned Joe Biden support texts.

The app allows users to find a voter in the database and report specific information about that contact. Users just need to query the voter database with a first name, last name, and state for it to return information.

The returned information shows the voter’s history of participation in elections in past years. It returns values like “Y” to signify “Yes they voted”.

It also shows other values like "B" and "R". The "B" value can potentially represent "Blue" or "Democrat", and the "R" value can correspond to "Red" or "Republican", the security researcher said.

There is additional hidden information about the voter, such as their specific date of birth, "voterbase_id" and the voter’s senate, congressional, and house districts.

The information also reveals other personal details about voters, such as whether they are veterans, teachers, or students.

The Vote Joe App developers have addressed the issues after they were alerted to this potential data leak.

Syncing Contacts: Fake Contacts, Real Voters

Users can also sync contacts in their phones to the campaign app database and leverage their existing networks and relationships in support of Joe Biden, the researcher said.

When a user syncs their contacts with the Vote Joe App, they are presented with a corresponding voter entry from the Biden campaign’s voter database. The contact data then enriches the database entry and can be used to get their votes in the future.

Users can also add fake contacts to the device and sync these with real voters.

Target Smart, a campaign management firm, compiles all the voting record data and user contact data of the Vote Joe App. It also provides the app with dashboards showing trends based on the data.

The firm has revealed that it even sells this data. However, it allows people to opt out of having the data sold by following the "opt-out" instructions in its privacy policy.