The smartphone app credited with helping rally grassroots supporters of Republican presidential contender Ted Cruz has been updated after an independent firm found security flaws.
The computer security firm Veracode said it identified vulnerabilities in the Cruz Crew app in an audit it conducted of the apps of all 2016 presidential hopefuls.
Thomas Peters, chief executive of uCampaign, the Washington, D.C., firm that created the app, characterized the security vulnerabilities as “low-level” flaws found in code furnished by third parties. The two glitches were fixed through updates pushed through Google Play and Apple’s App Store within 48 and 72 hours, respectively, he said.
Peters said uCampaign was unaware of any incursions into the system.
The Cruz Crew app got early credit for helping the senator from Texas rally grassroots supporters and claim an early win in the Iowa caucus (rival Donald Trump would later attribute the win to dirty tricks).
An Associated Press story raised privacy concerns about the app, noting it collected detailed information from users’ phones, tracking their physical movements and harvesting the names and contact information of friends who might want nothing to do with Cruz’s campaign.
Peters said supporters can opt to share their contact information with the Cruz campaign. Personal phone numbers are compared against the campaign’s database of likely supporters, and only the matches are returned to the individual’s phone, he said.
It’s up to the individual volunteer to decide whether to make calls to friends and associates in support of Cruz, Peters said.
The Cruz Crew app also uses location — again, with permission — for volunteers who agree to knock on neighbors’ doors and canvass in support of the candidate, or to help likely voters identify the nearest polling place or caucus meeting site, Peters said.
Location tracking can be turned off in the iPhone settings.
This article originally appeared on Recode.net.