The mobile phone numbers of Chancellor Philip Hammond and former foreign secretary Boris Johnson were among those which could be accessed without a password.
Several ministers, including those with top-ranking security clearance, were reported to have received nuisance calls from the public after the breach.
Anybody could type in an attendee’s email address – those of MPs are available on parliament’s website – to access their profile.
It was also possible to change the photos and details of cabinet members, MPs, journalists and local councillors attending conference in Birmingham.
Environment secretary Michael Gove’s picture was reportedly changed to one of Rupert Murdoch, and his email to a fictional Sun newspaper address.
It raises questions over whether the app breaches data protection policy.
The security flaw, which happened as Tory Party members arrived at conference for its first day, has now been fixed.
Events technology company Crowd Comms created the app, with the terms and conditions directing users to the firm’s offices in Australia.
The app’s privacy policy states that it “complies with…the European Union’s General Data Protection Regulation (GDPR)”.
A Conservative Party spokesman said: “The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused.”