Serious Security Flaws In Android Apps Used By Political Parties

2019, Breaches, March

Who: Israel Likud and Labor parties

Date: 27 March 2019

# of Records: unknown

What Happened: Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties.

How it Happened: Looking at Likud party app and the server behind it, several serious vulnerabilities were found that made it possible for hackers to access the whole list of Likud members, including personal details like home address, emails, cellphones, ​and credit card numbers. All of the data on the server that could be accessed via the app was not encrypted but in plain text. The Labor android app enables the Labor party operators of the app to access the entire contact list of the person who has downloaded the app and send this information back to the server. The operators of the app set up an algorithm that enabled them to map out the relationship of the person to the people within the contact list, by studying how their details are saved within the phone.

Outcome: This is not possible to do with apps for Apple iOS devices, he said, because it violates Apple’s privacy agreements