The Elyze app has gained some popularity in recent weeks. Its principle? Help users position themselves politically by identifying the political tendency they are closest to.
To accomplish this, the user is presented with various policy proposals and has the ability to “slide” depending on whether or not they agree with the proposal. According to its creator, the aim of the application is to offer a fun tool aimed at “conciliating young people with politics”, bypassing the codes of the dating application Tinder.
But the app’s success has sparked curiosity and many observers have pointed out its security and data protection shortcomings.
A first defect reported and corrected
Initially, several users studied in detail the operation of the application and noticed strange behavior, including security flaws.
Thus, the researcher Mathis Hammel had fun analyzing the application code to better understand its operation and explain certain errors found by users.
In the course of his investigation, he realized that a misconfiguration by the app’s creators could allow a third party to modify the content of the app and add, for example, new candidates that could be recommended by the app. , or modify the proposals associated with the candidates. A bug that was reported by the researcher to the app developers, who quickly fixed the flaw in question.
But for the young researcher, this demonstration is a new argument in favor of opening the code of the application, demanded by some Internet users.
Security and data protection at the center of concerns
The other concern about the app is its use of the personal data of its users. There is no need to hide your face: Elyze allows you to build a precise political profile of your users, classified according to their positions with respect to the various French proposals and parties. This is particularly sensitive data that application developers must handle and process with care.
Therefore, the issue of the data collected and processed by the application has been closely watched. Several researchers, including the co-founder of the Exodus Privacy association, have highlighted the fact that the application collects in particular the user’s date of birth, zip code and gender, as well as various technical data related to the phone. and the operator. And that data transfers were observed to AWS from Amazon, where the application database is hosted, but also to Facebook.
The CNIL supervises
So many concerns that therefore led the CNIL to investigate the case of the request.
With AFP, the Commission indicated on Monday that it intended to verify that the application complies with legislation on the processing of sensitive data. The concept of “sensitive data” as defined in the GDPR includes all data that reveals religious, political, philosophical opinions or data related to sexual orientation.
The processing of this data is subject to additional consent and protection requirements. However, the creators of the app deny that they want to resell this data and indicate that the strictly anonymous data could possibly be shared in the context of scientific research.
Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled