A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered.
A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s Twitter API and other parts of the app. “While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability,” according to a Website Planet blog post. “We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign.”
Source: SC Magazine