Security Flaws Found (And Fixed) in Cruz Campaign App

The smartphone app credited with helping rally grassroots supporters of Republican presidential contender Ted Cruz has been updated after an independent firm found security flaws.

The computer security firm Veracode said it identified vulnerabilities in the Cruz Crew app in an audit it conducted of the apps of all 2016 presidential hopefuls.

Thomas Peters, chief executive of uCampaign, the Washington, D.C., firm that created the app, characterized the security vulnerabilities as “low-level” flaws found in code furnished by third parties. The two glitches were fixed through updates pushed through Google Play and Apple’s App Store within 48 and 72 hours, respectively, he said.

Peters said uCampaign was unaware of any incursions into the system.

The Cruz Crew app got early credit for helping the senator from Texas rally grassroots supporters and claim an early win in the Iowa caucus (rival Donald Trump would later attribute the win to dirty tricks).

An Associated Press story raised privacy concerns about the app, noting it collected detailed information from users’ phones, tracking their physical movements and harvesting the names and contact information of friends who might want nothing to do with Cruz’s campaign.

Peters said supporters can opt to share their contact information with the Cruz campaign. Personal phone numbers are compared against the campaign’s database of likely supporters, and only the matches are returned to the individual’s phone, he said.

It’s up to the individual volunteer to decide whether to make calls to friends and associates in support of Cruz, Peters said.

The Cruz Crew app also uses location — again, with permission — for volunteers who agree to knock on neighbors’ doors and canvass in support of the candidate, or to help likely voters identify the nearest polling place or caucus meeting site, Peters said.

Location tracking can be turned off in the iPhone settings.

This article originally appeared on Recode.net.

Will you support Vox’s explanatory journalism?

We'll be honest: advertising alone isn't enough for Vox, or most newsrooms, to do the amount of high-quality journalism that the world needs and keep it free. We count on contributor support in order to produce nuanced, clear, and optimistic journalism. We don't have a paywall or ask our readers to subscribe in order to see our content, so instead, we’re coming to you this #GivingTuesday to ask you to make an investment in our future. If you’ve read an explainer this year that helped you to see an issue more clearly, got the answer to a long-time question, or just plain learned something, then we hope you’ll consider making a contribution of $20 or whatever you can today.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via