Some of the privacy issues involved apps requiring access to the device camera, contacts and SMS. But eighteen of the apps had 'critical flaws', including hard-coded credentials stored in the binary, SSL certificate issues and susceptibility to data interception. The pilot project's staff alerted each app maker, and ten developers have remediated their products thus far, while security and privacy issues were addressed in 14 of the apps.
It took most of the developers less than an hour to make those fixes, according to the DHS press release. Closing the vulnerabilities was as simple as removing old or unused code, enabling operating system protections and checking whether the apps actually needed some of the permissions they were requesting. Technically, this vetting pilot program was a success for finding vulnerabilities, but it's unclear how long the apps were in use before anyone caught wind of their security flaws.
All apps surveyed are listed in the public responder app marketplace AppComm, which is run by the Association of Public-Safety Communications Officials (APCO), a participant in this pilot program.