Photo: AP

Ted Cruz and John Kasich share more than just antipathy for Donald Trump. According to the Associated Press, a report issued by the software company Symantec found that phone apps released by both campaigns are not only incredibly invasive but also vulnerable to hackers.

Drawing upon unencrypted data transmitted from phones running the campaigns’ apps, the AP reports that Symantec’s analysis found third parties could use the “Cruz Crew” app to determine a phone’s unique identifying number and other personal information or access a phone’s location data through the “Kasich 2016” app.

“If Symantec had looked more carefully, they would see that the app requests the device info but this info is never sent anywhere,” Cruz data director Chris Wilson said. “The Cruz Crew app is the most secure, popular, and effective app of any 2016 presidential candidate.”

This isn’t entirely true: As previously reported, the Cruz Crew app does share the data it collects with Cambridge Analytica, a British analytics company that claims to have “quantified the personalities of every adult American,” so as to better target voters. As it happens, Cambridge Analytica is owned in part by mysterious New York hedge fund manager Robert Mercer—Ted Cruz’s biggest backer. What’s a little data between friends?