The official mobile apps of Republican presidential candidates Texas Senator Ted Cruz or Ohio Governor John Kasich are vulnerable to hacking, according to a new report.

Research from Symantec Corp. identified five areas of concern with the two apps — three with Kasich’s and two with Cruz’s — that could allow personal data to be easily obtained by a hacker due to users’ data being improperly secured.

In the case of the “Cruz Crew” app, third parties could capture mobile device details and unique IMSI identification, while the Kasich 2016 app could expose a users’ location data and information about other apps installed on the phone.

The flaw with both was due to that data being gathered by the apps and then transmitted to the campaigns unencrypted.

Symantec rated the Kasich app as a medium security risk, while the Cruz app was given a low security rating.

In a response the Cruz campaign denied the allegations, with Cruz data director Chris Wilson telling Foxnews that “If Symantec had looked more carefully, they would see that the app requests the device info but this info is never sent anywhere,” before adding “The Cruz Crew app is the most secure, popular and effective app of any 2016 presidential candidate.”

WTF?

The statement from the Cruz campaign actually confirmed that the data is being gathered to begin with, but then says that’s it’s alright because “the info is never sent anywhere.”

WTF?

Why does the app gather the information in the first place, and even allowing that it does, why doesn’t the app encrypt the information, which is basic security 101.

According to an Associated Press report quoted by Enterprise Security Today, the Cruz app is actually designed to gather detailed information from users’ phones, including potentially tracking their physical movements and harvesting the names and contact information of friends, with data then fed into a vast database containing intimate details about nearly every adult in the United States to build psychological profiles that target individual voters determined to be likely Cruz supporters.

Political campaign databases are one thing, but actually harvesting information about an app users friends from their phone to create a massive database of “nearly every adult in the United States” is nearly Orwellian, in this case reminiscent of one of the plot lines in the current season of House of Cards.

The last word should go to Symantec’s Cynthia Chen because although it may seem obvious to some, it definitely needs repeating in this case: “If an app is asking for more information than you’re comfortable sharing, it might be a sign to run the other way … Think of what the purpose of the app is, and only provide information that is necessary for the app to serve its function.”

Image credit: gageskidmore/Flickr/CC by 2.0