The app that broke the Iowa Caucuses was sent out through an Android test platform

So the Democratic party of Iowa tried to use an untested app to report caucus results during the Iowa primary caucus, and… It went as well as you’d expect. Digging deeper into the app, it should’ve been obvious this was never going to work.

In this case, however, it looks like Shadow used a test platform for the app’s public distribution. Installing software through a test platform or sideloading onto your device manually both come with security risks, as app store review processes are designed to discover whether a piece of software is hiding malware or does something behind the scenes it’s not supposed to. In the event you do sideload an app or try installing an unofficial version, your smartphone typically warns you of the risks and asks if you want to proceed. It’s also a less stable model for deploying software at scale, which might explain the difficulty precinct chiefs had in downloading the program.

The screenshot from Motherboard also shows that the app was distributed using the platform’s free tier and not its enterprise one. That means Shadow didn’t even pony up for the TestFairy plan that comes with single sign-on authentication, unlimited data retention, and end-to-end encryption. Instead, it looks like the company used the version of TestFairy anyone can try for free, which deletes any app data after 30 days and limits the number of test users that can access the app to 200.

What an unmitigated disaster. We’re in 2020 right? Not in 1783?

12 Comments

  1. 2020-02-06 5:36 am
    • 2020-02-06 9:25 am
      • 2020-02-06 12:37 pm
        • 2020-02-06 1:00 pm
          • 2020-02-06 5:09 pm
          • 2020-02-06 8:54 pm
          • 2020-02-06 9:01 pm
    • 2020-02-06 6:01 pm
  2. 2020-02-06 12:25 pm
    • 2020-02-07 7:59 pm
  3. 2020-02-07 4:54 pm
    • 2020-02-07 10:21 pm

Leave a Reply