Serious security breaches were found at Likud and labour parties applications

Severe security breaches were discovered in the applications of the Likud and Labor parties, Check Point reported. The company did not examine applications by other parties as white blue, as they do not have official applications.
Check Point researchers found that the Labor Party application extracts and maintains contact lists of its users without their knowledge and uploads them to an external server, mapping the social connections of users based on the names of the contacts, apparently in order to map the nature of the relationship between the user and the contacts His. In doing so, the work can build a social network, for example, to map potential voters.
In the work application, access to the contact list was described as a tool to "enable you to create and strengthen contacts with your contacts ... the content of the conversations will not be intercepted and / or maintained by the party." However, as soon as the user's contact information is accessed and the "Start affecting" button is pressed, all contact information on the phone is sent to the party's database, including names, phone numbers and e-mail addresses.
 "This allows the party to go through all of the user's contacts and locate the people closest to them by looking for endings and affection and petting abbreviations attached to the name, and words of closeness and love," read the summary of Check Point's report.
 The Likud campaign found various flaws: According to Check Point, user details can be easily extracted and lists of residential addresses, e-mail addresses, telephone numbers, marital status and other demographic data.
"Although the application management interface used by the operator to manage the databases requires identification of a user name and password," Check Point researchers wrote, "it is accessible to the Internet and exposed to cyber attacks."
In the Likud primary last month, the party had more than 119,000 members whose personal details were exposed to theft. The Likud said: "We received Check Point's request, we dealt with the breach immediately - personal information was not leaked and no damage was caused."
The Labor Party said in response: "We thank Check Point for pointing out positively the information security level of the Labor Party.
The purpose of the application is to allow party activists to convince their members by directly transmitting content. This requires the app to access the user's contacts. The argument presented is not correct because access to the list requires user consent to the application, as required in the application stores and as do thousands of other applications around the world. Contact mapping is done for enhanced user experience only and is not saved. "