GFI Software is reporting that the apps created to promote the campaigns of President Obama and Mitt Romney have intrusive permissions built in. The apps on Android and iOS demand information about the user who download them to the candidate’s campaign databases on themselves and even their friends and families.

The Romney app requests a person’s name, address and home phone number to create a ‘MyMitt’ account or a connection to Facebook able to collect personal data about you and your friends. It can identify a user’s device ID, mobile number, carrier, GPS and cell locations and tells them they might be added to the Romney campaign’s contact list, probably for priority telephone canvassing; while permission is asked for the smartphone’s camera and audio recording, it isn’t used by the app.

The Obama for America app asks for cell and GPS location data, access to the smartphone’s contact book, call logs and SD Card contents. Probably most controversially, it was reported last week that it offered users information on nearby registered voters, including first name and the initial of the last name with a home address, while encouraging downloaders to visit these people to campaign on behalf for President Obama’s re-election, providing canvassing tips on arguments to use on door-stopping trips.

“When checking out this particular feature, it [the app] told me to go canvassing in part of town locally known for a higher crime rate,” notes GFI Software threat researcher, Randall Griffith. “Users should be aware of their surroundings in any area they visit regardless of what a mobile app tells them.”

The stated purpose of the Obama app is as a canvassing tool for use in swing states while Romney’s was conceived to be a way for supporters to hear about his vice-presidential choice. While the information gathering might just be the first step for future apps, voters are likely to become more aware of what comes with these “free” app downloads.

In other news, security company Barracuda noticed that Mitt Romney’s Twitter account had received a suspiciously large boost to its numbers in a matter of days in late July. This was ascribed to the creation of large numbers of bogus accounts.

Source: Network World