Privacy issues have been detected in an official application of the Joe Biden campaign.
The Vote Joe app uses relational organizing to allow users to share data about themselves and their contacts with a voter database run by Target Smart, a service claiming to have over 191 million voter records.
A user who syncs their contacts with the Vote Joe app will be presented with a corresponding voter entry from the Biden campaign’s voter database. The user’s contact data is then harvested and used to enrich the database entry.
The App Analyst noted: “An issue occurs when the contact in the phone does not correspond with the voter, but the data continues to enrich the voter database entry. By adding fake contacts to the device, a user is able to sync these with real voters.”
Commenting on the relational organizing employed by the app, Brandon Hoffman, CISO at Netenrich, said: “An influencer could easily just sync their phone loaded with a list of pre-planted fake social media ‘contacts’ and ‘profiles’ that will be used to further their information campaign.”
Anyone who signs up for the app with an unverified email can query the voter database using a first and last name, and state. The returned information includes which elections the voter has participated in with either a checkmark to signify their participation or an X to denote that they did not vote.
The App Analyst found that more information about each individual voter was revealed in the voter-returned JSON (JavaScript Object Notation) object.
“The returned object appears to contain ‘Y’ to signify ‘Yes they voted,’ but there are other values such as ‘B’ and ‘R.’ These values may represent how Target Smart suspects the user voted, using an ‘R’ value to potentially represent ‘Red’ or ‘Republican’ and the ‘B’ value to represent ‘Blue’ or ‘Democrat,'” they wrote.
Additional voter data revealed included specific date of birth, “voterbase_id” (a value unique to Target Smart and not an official voter ID), and some Target Smart fields corresponding to the voter’s Senate, congressional, and House districts.
The app states: “We’ll let you know which of your friends and family members could use that extra touch to help make sure they vote in 2020.”