Iowa caucus app was rushed and flawed from the beginning, experts say

"Someone was not paying attention or on a deadline," said one analyst who was able to examine the app.

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
SUBSCRIBE
By Ben Popken and Maura Barrett

The smartphone app that caused a significant delay in reporting Iowa caucus results suffered from technical and design flaws and appeared to have been rushed into use, according to cybersecurity experts who examined a version of the app that was made public.

The app became the subject of widespread scrutiny after the Iowa Democratic Party said problems with reporting the caucus results were due partly to "coding issues" with the app, which was being used for the first time.

Results had been expected Monday evening, but the party released only partial results Tuesday. As of Wednesday evening, the complete results still hadn't been released. Party Chairman Troy Price said Tuesday that the underlying vote count, backed up by paper records, hadn't been affected but that the party was proceeding with caution to make sure it released accurate results. The party said it was counting the caucus math worksheets by hand.

The app was supposed to be the "preferred" method for caucus chairs to submit results, but only about a quarter did so, said Gerard Niemira, the CEO of Shadow Inc., which developed the app for the Iowa Democratic Party. The majority of chairs opted to call in, jamming understaffed hotlines.

Full coverage of the Iowa caucuses

Developers who were able to look at a version of the app that was made public said it suffered from two problems. First, a flaw in how it reported data meant that accurately recorded results weren't properly communicated back to the party. Second, the user experience made the app difficult to use, particularly because it required users to first download a separate app that developers often use to test new apps. That proved a high barrier for many caucus chairs.

State party officials said they had provided training before the caucus to precinct chairs, including hiring a dedicated training staffer. They also provided live troubleshooting on the day of the caucus.

Thomas Moore, a security architect at Signal Hill Technologies, a cybersecurity company in Virginia, analyzed the app and found that it was simple and appeared to function as designed.

Iowa Democratic Party headquarters in Des Moines on Tuesday, Feb. 4, 2020.Alex Wong / Getty Images

"The app was built relatively lean to strictly perform the functions that it set out to do, take pictures, gather data, send that data and apply an identity verification wrapper over top of the application," Moore said.

The failure to catch the critical coding error beforehand showed that the system wasn't fully tested, Moore said.

Other experts who looked at the code found evidence of hurried work.

"The app appears rushed," said Irfan Asrar, a threat analyst at Blue Hexagon, a San Francisco-based cybersecurity firm. "Someone was not paying attention or on a deadline."

Niemira said Tuesday that the app itself was "sound," but he apologized for the reporting problem.

"The coding failure created inconsistencies in how the vote totals were transferred from Shadow's app to the IDP's database and was the culprit for the delay," Niemira said in a statement. "Once we discovered the issue, it was remediated and additional checks were performed on the underlying data to ensure its integrity."

"IDP" is short for the Iowa Democratic Party.

Download the NBC News app for breaking news and politics

The coding issue was only part of the problem. The Iowa caucuses relied on more than 1,600 volunteers to run their nearly 1,700 caucus sites. At least half a dozen managers who spoke with NBC News said training on the app was inadequate.

Downloading the app wasn't a simple process. Because it wasn't released through an official app store, caucus managers on Apple devices needed to first download another app that allows developers to ship test versions of apps. Users on Samsung and other Android devices had to change device settings to be allowed to download the app.

A campaign official told NBC News that their team received a version of the app only about 10 days before the caucuses. Even then, it was two days before the campaign's team was able to download and access it properly.

Caucus managers said they received at least six emails from the party or Shadow with instructions on downloading the app and requests to test out different bug fixes.

Even before the app's rollout, there was evidence that it would face a difficult situation. The party used an app in 2016 made by Microsoft to report caucus results, but only about half of the precinct chairs opted to use it. A former party official said the party left guidance for incoming officials that training for caucus chairs would be paramount.

Eddie Perez, global director of technology development for the Open Source Election Technology Institute, a nonprofit that conducts election technology research, said the email chain showed the app's "amateurish" deployment. NBC News has collaborated with the institute since 2016 to monitor U.S. election technology and voting issues.

"A barrage of emails right before the caucus, a confusing app interface and no training all betray an ignorance of basic project management, technology testing and simple human usability," Perez said.

Dan Gallo contributed.