ABC News(NEW YORK) — Donald Trump’s campaign app may be putting “America First,” but experts say it’s not necessarily prioritizing users’ privacy.
The Trump campaign’s smartphone offering seeks to collect and store the contents of users’ address books — potentially vacuuming up large quantities of personal data about individuals who have never used the application and who may be unaware that it’s in the hands of the campaign.
The app, titled “America First,” was quietly launched on Apple’s App Store and the Google Play store as a free download last week.
In a series of interviews with ABC News, several electronic privacy experts expressed concerns about the scope of the Trump campaign app’s data collection techniques, even though all of the methods appeared legal. The experts warned that users may be unwittingly handing over personal data about themselves and their contacts — potentially exposing all involved to undesired campaign communications, or, at worst, a host of abuses in the event of a malicious data breach.
The Trump campaign did not immediately respond to ABC News’ request for comment.
The Hillary Clinton campaign launched its app in July. Both campaigns collect data on those who use their apps — including information about a user’s phone, their mobile network provider, and other uniquely identifiable data, according to the privacy policies available on the apps.
However, Trump’s app goes a step further by collecting information about other individuals through app users’ contact books.
“Trump’s is asking to collect significantly more data, and not just data about you, but data about anyone who might be in your contact list,” Nicole Ozer, technology and civil liberties policy director at the ACLU of Northern California, told ABC News.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said that Trump is “basically saying he has the right to pull down the contact list of the donors and supporters [using the app], which is something that is really very controversial.”
Craig Spiezle of the Online Trust Alliance agreed, saying the policy was “very problematic,” and “not one that privacy or consumer advocates would consider reasonable.”
Collecting data from app users is not unique to the Trump campaign. However, Rotenberg said that the scope of the Republican nominee’s collection “in particular is egregious.”
Of particular concern is the personal nature of data contained in modern electronic address books, which is often shared with personal confidants under the assumption that it will be kept private or shared with only the utmost discretion.
Address books on mobile phones don’t just contain phone numbers and email addresses — which themselves may be private or sensitive. In many cases, they can contain notes about health information, snippets of emails, codes for security systems or garage doors, shared passwords, or even Social Security numbers.
Many people using apps that collect contact data, such as the Trump app, may not realize the extent of the information that they’re handing over, experts said.
The crucial decision is made during the initial registration process when the app is first launched.
Users are presented with a screen featuring the campaign logo superimposed over a photo of Trump. Beneath it they are presented with multiple options for registering an account with the app.
During the registration process, ABC News journalists testing the app were presented with a pop-up screen requesting access to their address book. They denied the request and the app functioned normally during brief usage.
So, in many cases, users are unaware of what they’re about to hand over, experts said.
Additionally, some apps are coded so that they will not function if they are not granted access to requested data. Trump’s app appeared to function even though access to the contacts was denied, however, this is not made clear before the prompt.
“I think most people have this perception that if they don’t click yes, they can’t use the apps. It’s misleading at best,” Rotenberg said. “But it’s unfair when we look more closely at the Trump policy in particular, because it says, ‘You’re giving us the right to capture your contact list.’”
Even though it’s legal to transfer data about people who may have never downloaded the app, the practice remains controversial.
“Here you have the situation where an individual is wanting to use the app, and they’re making decisions about other people’s privacy,” Ozer said.
“[Neither] the individual nor the app is making sure individuals in those contact lists knows their information is ending up in the hands of the campaign,” she added. “Just because you choose to use an app, doesn’t mean that all the people you come in contact with want information about them shared with that campaign or that company.”
“Your contact list are a treasure trove. They are potentially thousands of people that you know, and personal information about them that they might not share publicly. It can be their private mobile numbers, it can be there home addresses, it can be many other things about them that would be valuable to both companies and political campaigns,” she said.
But not all experts share those concerns about the practice.
“It is perfectly legal to do so,” said Albert Gidari, director of privacy at the Center for Internet & Society at Stanford Law School. Gidari noted that he is a Trump supporter.
“That you may betray your friends’ privacy in doing so is a matter of your ethics, not the site’s,” Gidari told ABC News. “Do people stop and think about this? Of course not!”
“A real revocation of that permission would require the Trump campaign — or any organization — to delete the information,” Rotenberg said.
The collection of this data is concerning, the experts said, in light of recent high-profile hacking attacks.
Recent data breaches at the Democratic National Committee and the Democratic Congressional Campaign Committee, as well as a number of other organizations and businesses, highlight how common the public exposure of private data by hackers has become.
“The more data, the longer its retained, the more likely that something can happen to it,” Ozer said. “That it ends up being used in a way that the individual did not intend or could end up being hacked or breached at some point down the line.”
Copyright © 2016, ABC Radio. All rights reserved.
Read More →