Trump Campaign App's Data Grab Could Expose Everyone in Your Contact List, Experts Say

Several experts were concerned by the app's attempts to collect contact data.

The Trump campaign’s smartphone offering seeks to collect and store the contents of users’ address books –– potentially vacuuming up large quantities of personal data about individuals who have never used the application and who may be unaware that it’s in the hands of the campaign.

The Trump campaign did not immediately respond to ABC News' request for comment.

According to the app’s privacy policy –– a common legal document that outlines a software vendor’s intentions for using users’ data –– the campaign “may access, collect, and store personal information about other people that is available to us through your contact list and/or address book.”

However, Trump’s app goes a step further by seeking to collect information about other individuals through app users’ contact books during the initial registration process. Clinton’s app requests this information when users seek to use a sharing feature in a menu, not during the initial registration process.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said that Trump is "basically saying he has the right to pull down the contact list of the donors and supporters [using the app], which is something that is really very controversial."

Craig Spiezle of the Online Trust Alliance agreed, saying the policy was “very problematic,” and “not one that privacy or consumer advocates would consider reasonable.”

Collecting data from app users is not unique to the Trump campaign. However, Rotenberg said that the scope of the Republican nominee’s collection “in particular is egregious."

Of particular concern is the personal nature of data contained in modern electronic address books, which is often shared with personal confidants under the assumption that it will be kept private or shared with only the utmost discretion.

Many people using apps that collect contact data may not realize the extent of the information that they’re handing over, experts said.

The crucial decision is made during the initial registration process when the app is first launched.

Users are presented with a screen featuring the campaign logo superimposed over a photo of Trump. Beneath it they are presented with multiple options for registering an account with the app.

Further down still, in small text at the bottom of the screen, is a link to the app’s privacy policy, which, when clicked, takes users to the legal document on the campaign’s website.

During the registration process, ABC News journalists testing the app were presented with a pop-up screen requesting access to their address book. They denied the request and the app functioned normally during brief usage.

However, experts noted that privacy policies go partially or fully unread, and users often rapidly and impatiently click through pop-ups asking for permission to access the data. Some may not even know what a privacy policy is or that one is available, the experts noted.

A Pew Research study from late 2014 found that less than half of Americans polled correctly identified what a privacy policy is.

So, in many cases, users are unaware of what they’re about to hand over, experts said.

Additionally, some apps are coded so that they will not function if they are not granted access to requested data. Trump’s app appeared to function even though access to the contacts was denied, however, this is not made clear before the prompt, which appears during the initial registration.

“I think most people have this perception that if they don’t click yes, they can’t use the apps. It’s misleading at best,” Rotenberg said. “But it’s unfair when we look more closely at the Trump policy in particular, because it says, ‘You’re giving us the right to capture your contact list.’”

Even though it's legal to transfer data about people who may have never downloaded the app, the practice remains controversial.

“Here you have the situation where an individual is wanting to use the app, and they’re making decisions about other people’s privacy,” Ozer said.

“[Neither] the individual nor the app is making sure individuals in those contact lists knows their information is ending up in the hands of the campaign,” she added. “Just because you choose to use an app, doesn’t mean that all the people you come in contact with want information about them shared with that campaign or that company.”

“Your contact list are a treasure trove. They are potentially thousands of people that you know, and personal information about them that they might not share publicly. It can be their private mobile numbers, it can be there home addresses, it can be many other things about them that would be valuable to both companies and political campaigns,” she said.

But not all experts share those concerns about the practice.

“It is perfectly legal to do so,” said Albert Gidari, director of privacy at the Center for Internet & Society at Stanford Law School.

“That you may betray your friends' privacy in doing so is a matter of your ethics, not the site's," Gidari told ABC News. "Do people stop and think about this? Of course not!”

The Trump app’s privacy policy notes that users who originally agree to share their contact data can later revoke this access on their device’s settings. However, the vast majority of privacy experts interviewed by ABC News expressed concern that the policy says nothing about whether data that had already been transmitted to the campaign’s servers would be deleted.

“A real revocation of that permission would require the Trump campaign -- or any organization -- to delete the information,” Rotenberg said.

The collection of this data is concerning, the experts said, in light of recent high-profile hacking attacks.

Recent data breaches at the Democratic National Committee and the Democratic Congressional Campaign Committee, as well as a number of other organizations and businesses, highlight how common the public exposure of private data by hackers has become.

“The more data, the longer its retained, the more likely that something can happen to it,” Ozer said. “That it ends up being used in a way that the individual did not intend or could end up being hacked or breached at some point down the line.”

While the Clinton privacy policy states that the campaign “takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction,” no such language exists in the privacy policy for the Trump app.

Editor's note: This story has been updated to reflect the existence of a feature in a menu on the Clinton campaign app that does ask users' for access to their address books. However, this is an opt-in feature that appears in a menu, not during the initial registration process.