The Iowa Caucus app wasn't hacked, but it pretty easily could've been

The IowaReporterApp might go down in history as one of the worst apps ever created (and this is a world where Google won’t stop making social apps). At the behest of ProPublica, an analysis by security firm Veracode found the app to be so insecure that it could be the new lead on Issa Rae’s HBO comedy. Sensitive information like vote totals and passwords could not only be accessed, they could potentially be changed. There’s no evidence that anyone took advantage of the glaring lack of safeguards, but it’s safe to say more states than Nevada won’t be using Shadow Inc.’s app in their primaries.

The neverending fallout — ProPublica is not providing specifics on the app’s vulnerabilities as to not aid hackers in case similar apps are used in the future. Hacking the app would have required an advanced strategy, but the bar to entry lowers if a precinct worker had used an “open Wi-Fi hotspot to report votes instead of a cell data plan.”

“While there were reporting delays, what was most important is that the data was accurate and the caucus reporting process remained secure throughout,” said Gerard Niemira, Shadow’s CEO, in a statement to ProPublica. “Our app underwent multiple, rigorous tests by a third party, but we learned today that a researcher found a vulnerability in our app.”

A ProPublica source said that the Democratic Party turned down the U.S. Department of Homeland Security’s offer to test the app. It’s possible, given the current administration, the party was concerned about giving the Trump-led government unfettered access to the software, but it turns out the app can do bad all by itself. They really could’ve saved a lot of money and heartache by just using a Google Form.