The Official Trump 2020 mobile app has a security flaw. And it exposes private user data.
That we did not believe what happened in 2016 when seeing that Donald Trump was elected – with illegal help hacker – President of the United States is a palpable fact. That he does not look like he will be re-elected is also almost evident, because if in 4 years he has even turned his advisers against him and the United States has loaded himself, it is scary to think what he will do if he continues in the chair another term .
Official Trump 2020 Campaign App
But it is Trump, and he will stand for reelection in the race for the USA 2020 Presidential Election. The global coronavirus pandemic has disrupted all plans globally, but the US electoral process has an appointment on November 3, 2020 to vote. to your next president.
Trump has already started with the promotional political campaign for reelection – any US president can serve up to 2 terms – and one of the best means of promoting himself is the smartphone. For this reason, the Trump campaign team launched the Official Trump 2020 Campaign App last April, which can be downloaded on Android and iOS mobiles, and which include:
- Receive the latest news on the President’s reelection campaign
- A registration system to attend Trump rallies
- A registration system to vote
- A calendar to know the dates when the president will visit an area close to that of the user of the app.
But we advise you not to do it, we and the team of cybersecurity analysts led by Noam Rotem and Ran Locar, who have discovered a security hole in the app.
Trump 2020 app insecure
According to the experts’ report, the application’s code revealed keys and secrets, similar to username and passwords, that gave access to different parts of the application, such as its Twitter API and others from Google. Although the exposed keys allowed access to many parts of the application, “in our investigation, we concluded that user accounts remained inaccessible through this vulnerability.”
The team did not attempt to access any user accounts for the app, as they deemed the initial vulnerability to be sufficient to alert the Trump campaign. Experts point out that an attacker would still need two additional (unexposed) keys to access any user account, including, potentially, that of President Trump.
But nevertheless the vulnerability is there, and it can be exploited. The report makes clear that “a malicious hacker could continue to use the keys to impersonate the application, and much worse. For example, using branch.io keys, hackers could potentially access user and usage data for the application. ”
For this reason, and until the Trump team resolves it, which, given the mandate of its president, is capable of leaving the application as is, it is recommended that it not be downloaded. The Official Trump 2020 app has been published since last April, with a number of 100,000 downloads between Android and iOS.