
Experts Analyze the App That Broke Iowa - sutro
https://www.vice.com/en_us/article/3a8ajj/an-off-the-shelf-skeleton-project-experts-analyze-the-app-that-broke-iowa
======
jiveturkey
"Honestly, the biggest thing is—I don’t want to throw it under the bus—but the
app was clearly done by someone following a tutorial."

HAR!

------
joveian
So it sounds like for people able to use the app (maybe limited in part due to
the use of the TestFairy free tier (from a different Vice article)), the app
correctly got data into Google Cloud Functions, but a script used to transfer
the data from there to the Iowa Democratic Party (not sure what they were
using) didn't work correctly (due to a "data formatting error"). Some people
were confused by the three six-digit numbers needed: a precinct ID, PIN, and
two-factor code (Auth0, according to the other Vice article with screenshots).

ProPublica also found there was a MITM vulnerability:

https://www.propublica.org/article/the-iowa-caucuses-app-had-another-problem-it-could-have-been-hacked

However, even if the app didn't mess up numbers, there seem to be a bunch of
issues with the numbers:

https://www.nytimes.com/2020/02/06/upshot/iowa-caucuses-errors-results.html

