On Saturday it was reported that the Tory Party Conference app had a flaw within it that exposed all the contact details and other personal information on those registered to attend the conference – including those of senior Tory party members, such as Boris Johnson – and allowed them to make changes to the details.
In response to this, please see below for commentary from Mark Noctor, VP EMEA at Arxan Technologies – the trusted leader of application protection solutions.
Mark Noctor, VP EMEA at Arxan Technologies:
Whilst the Conservative party may now have plugged the hole and stemmed the leak of sensitive data, the question that now must be asked is to what extent have they secured the app? Preventing unauthorised logins is one thing, but they need to ensure that the app cannot be broken into and reverse engineered. Putting a plaster over the gap is going to do little in protecting the app if the foundations themselves are unstable and insecure. Moreover, as the party of government, the Tories are meant to be passing and enforcing laws, this would appear to be a breach of GDPR law, raising to the fore whether enough has really been done to ensure data privacy. There need to be regulations that require app security to be in place and not just seen as a ‘tick box activity’ as it may have been in the past.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.