Official “Vote Joe” App Security Flaw Leaks Private Data Of All 250,000 Users
From FMShooter: fmshooter.com
In the vast majority of Joe Biden‘s never-ending stream of screw-ups on the campaign trail, many of his decisions are not yet impacting voters at home. Unless, of course, his mobile application leaks data about hundreds of thousands of Americans via his campaign’s very own “Vote Joe” app.
What is the Vote Joe App?
Vote Joe, the Biden-Harris’ attempt to appeal to the youth, is a sleek mobile application (admittedly sleeker than the competition’s) that aims to get people to annoy their friends to vote, politically charge and already-over-politicized nation, and turn ordinary folks into telemarketers, with a leaderboard, points, and a leveling system to boot.
My main development laptop broke, and as COVID restrictions have delayed Apple for weeks, I decided to kill some time by digging into what the application does and the code that powers it.
All debugging and requests made are for my own personal information or information that is already public, and falls squarely inside the bounds of what is allowed by the CFAA (Computer Fraud and Abuse Act). Requesting the data of other users may have you facing charges. Don’t do it.
So what’s the problem?
To begin, there is usually a lengthy process to even attain the code that powers a mobile application. Companies don’t want you seeing it, and neither does Apple. Thanks to jailbreaking, the process of breaking out of the numerous security measures Apple has in place for their mobile devices, most of the buck of making sure applications are secure fall to the developers, or in his case, Joe Biden and his staff.
As we all know, they’re fairly incompetent.
To be fair, the application wasn’t created by Joe Biden and his team directly, but a company based out of Somerville MA called OutVote (https://outvote.io).
Outvote is self-described as an application for progressives to canvass, act, and connect to get the politicians they like elected. Joe Biden most likely partnered with this organization to create a new mobile application, but it turns out they lazily tacked-on to their existing application to create “Vote Joe.” The codebase is almost identical except that there are a few Biden-specific edits shoved into the Biden version.
And what happens when developers get lazy and don’t think things through?
You get data leaks.
Read more: fmshooter.com
Please share and comment!