Political Parties’ Apps Under Fire: Security Flaws and Privacy Blunders Exposed

Hot Take:

Political parties and their canvassing apps: the digital equivalent of leaving your front door wide open while going on vacation. Who knew democracy could be so exposed, literally?

Key Points:

• All three major UK political parties have apps with security issues, as found by the Open Rights Group (ORG).
• Labour’s apps have unexplained links to Experian, raising privacy concerns.
• The Conservative’s Share2Win app is riddled with vulnerabilities and leaked MPs’ personal details.
• The Lib Dems’ MiniVan app relies on Google Firebase, known for potential security misconfigurations.
• Despite these findings, political parties and app developers have mostly remained silent.

Election Apps: The New Frontier of Data Leaks?

Once upon a time, political campaigns were all about charm, charisma, and, well, kissing babies. Fast forward to today, and it’s all about apps, data, and hitting the “share” button. The ORG decided to put its magnifying glass on the UK’s political party apps, discovering they are as secure as a cookie jar in a kindergarten classroom. Labour’s trifecta of tech tools, Reach, Doorstep, and Contact Creator, are mysterious in their link with credit reference giant Experian. It’s a bit like finding out your grandma has a side gig as a secret agent. The privacy policy? As transparent as a brick wall.

Conservative Apps: Sharing is Caring… or Scary?

The Tories’ VoteSource might have slipped under the radar, but Share2Win? It’s the app equivalent of that one friend who overshares on social media. Researchers found it storing secret credentials, making it ripe for the picking. It’s like leaving your diary open on a park bench. To add to the drama, personal details of MPs, including phone numbers and home postcodes, were leaked. If you ever wanted to prank call an MP, now’s your chance (not that we recommend it). Share2Win also lacked basic privacy controls, and its Android version had a penchant for sniffing out Wi-Fi data like a digital bloodhound.

Liberal Democrats: Firebase Fiasco

The Lib Dems’ MiniVan app decided to jump on the Google Firebase bandwagon, which is about as secure as a paper umbrella in a thunderstorm. Firebase misconfigurations have been known to expose user data to the public internet. The ORG’s report suggests that while this isn’t inherently problematic, it’s like leaving your house key under the doormat – everyone knows it’s there. With previous research showing thousands of apps leaking user data due to Firebase mishaps, one can’t help but wonder if MiniVan is just another digital disaster waiting to happen.

Is Anyone Listening?

The real kicker? Despite the ORG’s findings, the political parties and app developers have responded with the enthusiasm of a teenager asked to take out the trash. Crickets. Nada. Even The Register couldn’t get a peep out of them. The Conservatives’ app vendors claimed the tested versions were outdated, which is a bit like saying, “Oh, that fire was last year’s problem.” The ORG is understandably skeptical, pointing out that these were the very versions used during the election period when data collection was at its peak. Meanwhile, the ORG is pushing for stronger rules and enforcement to protect voter data, but with the government seemingly uninterested, it’s like yelling into the void.

Conclusion: The Data Dilemma

In the world of political canvassing, it seems that data security is the last item on the agenda. With apps that are as secure as a chocolate teapot, it’s no wonder the ORG is raising the alarm. As James Baker from the ORG aptly put it, trust in democratic systems is at an all-time low, and the government’s inaction isn’t helping. The Data Use and Access Bill could further muddy the waters, potentially giving the ruling party more sway over data use rules. In the end, it seems like the ORG’s calls for transparency and fair rules are falling on deaf ears, leaving voter data hanging precariously in the balance.