Monday, August 20, 2012

Romney app more obnoxious than Obama app

But both are extremely obnoxious, and you shouldn't use either.  Both campaigns have iPhone and Android apps you can install on your phone.  Don't:
Last Wednesday, Reuters published a story that touches on security concerns surrounding President Obama’s app. Reuters reported, “The app is helping hundreds of volunteers and staff with the voter drives that the campaign sees as a vital way to combat a crop of voter identification laws that could reduce Democratic turnout in swing states… But the implications of having a stranger’s name and address at one’s fingertips has raised the hackles of privacy advocates…”

GFI Labs decided to dig deeper and, at the same time, make a side-by-side comparison of both apps for Android. Here’s what we’ve found out about the Romney and Obama apps.
So what did they find?  A lot:


Riddle me this, GOPman: why does Romney's app need to turn on your camera (CAMERA) or microphone (RECORD_AUDIO)?  Riddle me this, Obamabot: why does your app grab contacts (READ_CONTACTS) or your GPS location (ACCESS_*_LOCATION)?

I know that you're both politicians and so the only reason that you kiss babies is so that you can get closer to swipe their lollypops, but do you have to try so hard to live down to my worst expectations?

Remember Borepatch's First Law of Security, folks: "free download" is Intarwebz-speak for "open your mouth and close your eyes".

Via El Reg.

4 comments:

JD Rush said...

Interesting, Mitten's App is just to announce his Veep choice (even more useless now) with 50k to 100k installs. Maybe they were listening in to hear the groaning when certain names were mentioned on the news.

The Forgotten Man said...

That huge suction sound coming from down south? Its not jobs leaving because of NAFTA, its your private data leaving the phone in your pocket.

Old NFO said...

Not me... I don't play that game... If I want to know, I'll go look it up!

Rick C said...

Me, I wanna know why they have wake locks. Your stupid app doesn't need to be keeping my phone from going to sleep.

(It could be that the apps are using frameworks that apply a bunch of those perms by default; I've seen one that asks for a whole pile of them when you create a project.)