[rwbhn]

It gets worse! From updated story at same url (so annoying!) "Workers were reportedly expected to download a file to their Android phones, enable a setting that allows for the installation of apps from untrusted sources, and then bypass prompts warning that doing so could cause a security breach."

I know nothing about the app itself, but clearly the process around deploying it was a fiasco. We really need competent people running elections.

[snowwrestler]

Pretty sure this is just the standard process for "side-loading" apps onto Android phones. (By the way, the ability to do this is sometimes cited here on HN as a strength of the Android system vs. iOS.)

The primary sin here by the party and app developers seems to be far too much belief in the power of obscurity. A well-coded app with a good authentication scheme could have been distributed through app stores weeks in advance and it would not have made any difference to the security--but would have made a huge difference in testing and user on-boarding.

[kunai]

The app commonly used for Democratic campaign on-ground canvassing, known as MiniVAN, is vetted, works well, and available through proper channels. There is no reason that that couldn't have been the case here. For something as mission-critical as this, the process to obtain the application involved needs to be clear as day. Most Android users do not sideload applications because of the inherent security risks. There are just colossal fuckups all the way down and a clear chain of incompetence at the core of this debacle.

[krn]

In other words, the Android app was delivered as an .apk file and not available on Google Play. That sounds like "security through obscurity". What about iOS devices then?

[BlueTemplar]

Blame Google for making what should be the normal way to install applications so hard.