
Voting App Flaws Could Have Let Hackers Manipulate Results - pmoriarty
https://www.wired.com/story/voatz-voting-app-security-flaws
======
rvz
It's a bit overkill for the elite security research community + Stanford and
MIT researchers to assess the security of a v1.0 React Native app that handles
voting. Any random white-hat hacker could have done this, thus for them it is
a typical security 101 break-in-and-enter task which is too easy for them.

For example, they proclaimed that they 'found API keys in the app' as a
security flaw when it isn't. Nearly all apps do this standard practice. It
just depends how far you want to go to hide these keys, where this 'find'
isn't a security flaw. The solution isn't obfuscation, as that is not security
either. The real solution is to version the API and rotate the keys on each
release and later deprecate the endpoint if it is too old.

I'm sorry but you don't need to be a legendary MIT/Stanford researcher to find
the bugs in this app. This voting app has so many security holes, even the
bugs are complaining.

