Bugs are a common part of any application’s development process, highlighting opportunities to improve functionality and achieve greater stability.
That said, serious bugs simply aren’t acceptable in finished code for mission-critical operations. As a case in point, take the Iowa 2020 primary caucus reporting app, which was so infested with remaining bugs that it was able to bring the state’s electoral process to a standstill.
A number of pivotal factors contributed to Iowa's app nightmare, including:
- A new app from a new vendor, with little to no testing
- Insufficient training for end users
- Heightened reporting complexity
- Trouble with user logins
- Errors in data transmission
- Underpowered backup plan
Shadow, the company in charge of the 2020 caucus reporting app, has drawn plenty of negative attention due to the app's general failure. In turn, this has highlighted another key factor that greatly influenced the situation's outcome: a vendor shift from Microsoft.
The Risk of Swapping Vendors
Before 2016, Iowa’s were handled entirely manually; caucus leaders would tally everything up by hand, and then call in the results. This first "smartphone election" in 2016 led the way for the 2020 caucus to follow suit.
In 2016, Microsoft developed the first reporting app used by the Iowa caucuses, in partnership with InterKnowlogy. The resulting app featured an efficient dual-authentication feature that helped keep data submission secure without negatively impacting performance, and it ultimately proved capable of successfully handling 95% of all results within a few hours of the caucuses having started.
By contrast, Shadow's app was unable to accurately report results during or after the event, and many users were barred from even opening the app, due to unexplained connectivity errors.
Further, Microsoft and InterKnowlogy put a substantial effort into the proper training of users, in addition to providing a completely automated phone system as a backup reporting option. Unfortunately, it appears that Shadow provided little (if any) app training for volunteers, leaving many to navigate the complex installation process on their own on the day of the event.
Deadlines, Delays and Data Transparency
Successful app usage in the 2016 Iowa caucuses may have contributed to a false sense of security that similar outcomes would be achieved in 2020, despite changing from one vendor to another. This allowed a number of technical issues to sneak through, undetected.
Deferred Development Goals
Testing of the security and stability of Shadow’s app appears to have been put off altogether leading up to its use. This may have been due to the app’s development being commissioned with relatively little time to spare before it would be used. Some sources claimed as little as two months total were given to the team at Shadow to complete the job.
Instead of a standard release on platform-specific stores (in this case, Google Play and Apple's App Store), the caucus reporting app was released on test networks (Apple's Testflight and TestFairy). The use of these networks suggests that not enough time was devoted to thorough testing beforehand, and that the app was not ready to be accepted by relevant app stores.
The development of a new app altogether comes as a bit of a surprise, considering the previous app’s success. Although the reason a new app was developed is unknown as of this writing, clear differences do exist between the 2020 solution's intended functions and those of the app used in 2016. For instance, the latter was used by both the Democratic and Republican parties to handle reporting, while the former was specifically designed for Democrats to use.
Unclear Data Integrity Details
Whether any of the data the app captured and processed is usable remains a mystery. Although a public statement from Shadow on February 4th, 2020 insists the underlying data captured by the app is untainted, the official recovery effort's insistence on tracking the event's paper trail suggests otherwise.
"Security Through Obscurity"
Although the practice of maintaining the security of designs and systems through secrecy has long been ousted as ineffective on its own, this appears to have been the development approach that was taken with the IA caucus app. Party officials reportedly put off revealing details about the app to ensure such information could not be used against them.
Even the app's intended contingency hotline system was shrouded in mystery by Iowa democrats, who refused to provide details on it at all. The impact of this decision was amplified when the app failed to cope with the influx of calls from frustrated officials during the event.
Inconsistent Data Syncing
Finally, as data rolled in, Shadow’s caucus app began to show serious inconsistencies in what it was capturing. Results were allegedly captured correctly, but only partially transmitted, making the data unusable on arrival.
Coding and Procedural Failures
Yet again, where core software engineering values are concerned, the 2020 Iowa caucus app missed the mark.
The App's Reporting System
The use of complicated reporting features and security practices impeded users from so much as accessing the app in many cases, let alone transmitting critical data through it.
As it turns out, Shadow's caucus app design for 2020 was quite a bit more complex than the app developed by Microsoft for the 2016 event, requiring users to input tallied results into the app, take pictures of handwritten paper documents, and then upload all of the above to servers only the app could connect with.
A secure web application with two-factor authentication that could accept such documents might have fared better for such a purpose. By choosing to create a device-specific app, Shadow was forced to accommodate multiple device models and cellular networks, further contributing to its challenges.
Backups and Contingency Plans
Although backups were nominally a part of the plan with the Shadow app, screenshots and paper trails proved to be the only contingencies in place for addressing issues arising from the app’s use.
Nonexistent Testing Processes
Despite allegedly having been tested by the Department of Homeland Security, it would seem as though no significant real-world testing was completed before the app was used, and very little information on how to use it was offered to officials before the event.
The Bottom Line
Although Shadow CEO Gerard Niemira insisted the app itself was fine in an interview with Bloomberg, it’s clear that it wasn’t up to the challenge of the workload it was intended for. At the end of the day, Shadow failed to pinpoint and address the real-world problems its app would face prior to its release and was met with failure as a result.
The issues with Shadow’s app underscore how critical thorough testing is in software development, especially for purposes of such magnitude. Automated testing measures could have helped Shadow to streamline the process and uncover issues - before being put to the test on the national stage.
At Simpat, we’re sticklers for implementing continuous integration and deployment processes in all of our projects, setting up real-world test harnesses and utilizing automated testing with every code commit. We aren’t perfect, but we can say with 100% certainty that our approach would have uncovered the app's load issues early on and resolved them entirely before such a mission-critical launch.
For more info on our development strategies and how they can help your business handle real-world challenges, get in touch to schedule a free consultation.