Trump 2020 App is Scooping up Massive Amounts of Data, Cyber Experts Warn

The mobile app for Donald Trump's 2020 re-election campaign collects vast amounts of personal data and is a privacy risk, experts say.

Distributed via the App Store and Google Play Store, the "Official Trump 2020 App" has been criticized by cybersecurity researchers, who raised concerns about the amount of permissions the software requests after being installed on a user's device.

The app seeks a cell phone number for verification alongside personal details including name, home address and zip code. Once downloaded, it seeks access to contacts, rough location, Bluetooth pairing, storage, ID and call information and more.

A prominent disclaimer on the iOS App Store currently reads: "This app may use your location even when it isn't open, which can decrease battery life."

Scooping up all of this data is the Trump campaign, which can then use it as part of its outreach or influence efforts to target messages at anyone who has signed up.

"Regardless of political perspective, this app raises several privacy-related concerns," independent cybersecurity researcher Sean Wright told Newsweek. "In some aspects, it does appear to be more like a spy in a pocket rather than an app to help make an informed decision who to vote for in the next presidential election."

Analysis conducted by members of the Propaganda Research Team at the Center for Media Engagement, University of Texas at Austin, said "bespoke campaign apps" like this one will play a big role in the upcoming election cycle.

Once installed, the Trump 2020 App can be used to share messaging or news with supporters while collecting their data, all without relying on the social networks, some of which have started to crack down on Team Trump's controversial advertising tactics.

The findings were first reported via MIT Technology Review.

According to the Trump campaign's privacy policy, it uses collected information to send marketing, promotional e-mails or messages and for undefined research purposes.

Trump's political rival Joe Biden is using a similar app to target voters. The analysis of its permissions showed it was not as broadly invasive in design, although does revolve around a user sharing access to their contact lists, researchers said.

"I don't see why such an app would need excessive permissions such as the need to collect phone numbers, location data or control over Bluetooth functionality," Wright told Newsweek. "It does cast some doubt as to how this data will be used. My advice is that it's best to avoid installing these apps, purely from a privacy perspective."

The Bluetooth permission was described as being "especially notable" by the Center for Media Engagement researchers, who noted the functionality is typically seen in the ad industry—targeting users with messages as they travel through a specific area.

Its inclusion in the Trump 2020 campaign's app permissions also raised the eyebrows of Chris Boyd, lead intelligence analyst at cybersecurity firm MalwareBytes.

"Making use of Bluetooth technology from advertising realms in the form of proximity marketing is potentially the biggest concern," Boyd told Newsweek. "Depending on how the app is set to respond to Bluetooth, rogue beacons could cause problems for both team Trump and device owners—especially as beacon security would be dependent on the store owner securing their tech in the first place.

"Broad permissions make it almost impossible for people to know what the phone, app and physical spaces surrounding them are doing with their data. In comparison, the Biden app seems a lot more focused about what it expects people to offer up."

According to the Center for Media Engagement findings, the Team Joe app doesn't ask for access to Bluetooth, call information, external storage or phone identity data.

Boyd warned that requesting too much information from users via the application may actually prove to be counter-productive for the Trump campaign. "While the app requests a wide range of permissions, this isn't always useful for data collection where you're trying to deliver targeted messages," he said.

"We saw this with the Tulsa rally registration. Bogus signups resulted in costly dataset cleanups, which can be fatal for email campaigns. A trove of mobile data is similarly useless if nobody is able to filter it down to essentials and strip out the rest."

On the app marketplaces, some reviews for the Trump campaign's software have been scathing, with users complaining about data collection over-reach.

"I thought this app would be a good place for information but all it does is show me unrelated advertisements, get stuck on the same screen, and just all around be super glitchy," one Android user wrote. On iOS, it was called the "worst app in history."

Team Joe's app has also attached a barrage of negative comments, however, with users fuming about a lack of in-app updates and its request for contact access.

The official Trump app has had more than 100,000 downloads via the Google Play Store and reportedly around 780,000 downloads in total, according to Apptopia.

Brad Parscale, the campaign Manager for Trump's 2020 re-election campaign, recently alluded to the importance of personal information when referencing ticket requests for the Tulsa rally last weekend, describing it as the "biggest data haul" of all time.

The value of such data ended up being debateable, however, with the New York Times reporting TikTok users and K-pop fans claimed to have signed up for masses of tickets in an attempt to disrupt the event, requesting seats with no intention of attending.