Security researchers have identified a vulnerability in the mobile app used by President Donald Trump’s campaign that could allow hackers access to user data “similar to usernames and passwords,” according to a report released on Monday.
Website Planet cybersecurity analysts Noam Rotem and Ran Locar found that the Trump reelection “app’s code revealed keys and secrets, similar to usernames and passwords, that gave access to different parts of the app, such as its Twitter API.”
The report adds, “While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability. We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign.”
It notes that although a hacker would need additional keys to access a user’s account, they “could still use the keys to impersonate the app, and much worse. For example, using the branch.io keys, hackers could potentially access app user and usage data.”
The researchers write that they contacted the campaign app’s team to alert them of the vulnerability as soon as it was detected, and that they made no attempt to access user accounts themselves. The Trump campaign’s “InfoSec” replied within a few hours of Website Planet’s alert, and released a fix for the vulnerability a few days later.
Theodore Bunker ✉
Theodore Bunker, a Newsmax writer, has more than a decade covering news, media, and politics.
© 2026 Newsmax. All rights reserved.