Official Trump 2020 App collected phone numbers from contact lists without consent and could sell that data

Posted on Nov 18, 2020 by Caleb Chen
Official Trump 2020 App collected phone numbers from contact lists without consent and will likely sell that data

Phunware, the developers of the Official Trump 2020 App, is in dire financial straits due to a lawsuit with Uber. This has lead experts and media to question what will happen to the vast drove of private information collected from 2.8 million users by the app during the course of the campaign. Collected information includes location data, IP addresses, phone numbers from contact lists, and all this information has been synced up with national voter information databases.

All apps, especially campaign apps from both sides of the aisle, are usually quite aggressive about getting users to enable all possible permissions. In the Official Trump 2020 App’s case, it has been revealed that developers were actually told to ignore user consent settings and access the user’s contact list anyways. The privacy concern lies in the fact that Phunware may have collected more information than they were allowed. The Associated Press reported:

“Two former employees said Knitowski told engineers to embed invisible tracking software to follow users’ behavior inside each app they built to boost Phunware’s offerings to campaigns.”

One of those ex-employees told AP:

“We were told they needed to be in every app to collect information for whatever we did, and the political vertical was one of those reasons. It would still go in even if the customer said they didn’t want it.”

Estimates vary but it’s very likely that Phunware has at least 27 million phone numbers of Trump supporters and those in the contact lists of Trump supporters. The Trump campaign declined to state what this private information will be used for in the future; however, a senior Trump campaign official emphasized to the AP under condition of anonymity:

“The data is owned by the campaign and limited whatever hit their servers […]”

This is always a possibility when you share information with apps

It’s worth noting that the official campaign app from President elect Joe Biden – Team Joe and later Vote Joe – also collected IP addresses, location information, and even contact lists; however if the user declined to consent to sharing this information, the app would respect that request as opposed to siphoning the information anyways with invisible code. It’s also worth noting that the official campaign app from Biden had orders of magnitude less downloads than the official campaign app from Trump.

MIT Technology Review made a table with a comprehensive list of the permissions requested by both official campaign apps:

Access requested Trump 2020 Team Joe
Phone identity Yes No
Bluetooth pairing Yes No
Read, write, or delete data Yes No
Identity (find accounts on the device) Yes No
Calendar Yes No
USB storage Yes No
Device ID and call information Yes No
Receive data from internet Yes Yes
Broadcast data messages to apps Yes No
Full network access Yes Yes
Control vibration Yes Yes
Run at startup Yes Yes
Prevent device from sleeping Yes Yes
View network connections Yes Yes
Pair with Bluetooth devices Yes No
Change your audio settings Yes No

Official Trump 2020 App was meant to feed Cambridge Analytica with data

A former Phunware executive, Ian Karnell, explained to CBS News earlier this year that the data from the Official Trump 2020 App is a perfect fit for propaganda machines like that which ran the Cambridge Analytica scandal back when all this information was available from Facebook. Karnell recalled that tying all this information together for political purposes was part of the core pitch from Phunware to the Trump campaign. He told CBS News what he told the Trump campaign:

“We have this mobile graph that has years of device ID information that we’ve matched with voter records with some of the biggest voter record databases in the United States at that point. And we’ll be able to share that graph data back with you. You can extract that and leverage that.”

The thing with private information is that if it’s useful for politics, it’s definitely useful for advertising. The fact of the matter is that all of this data, willingly handed over by app users, is now undoubtedly on the market due to Phunware’s flailing financial status. While it’s obvious that this data would be useful in the 2024 election, it’s worth worrying about what all this data could be used for in the meantime. Big data wants its hands on that data, and there really isn’t anything to stop them.