[snowwrestler]

Pretty sure this is just the standard process for "side-loading" apps onto Android phones. (By the way, the ability to do this is sometimes cited here on HN as a strength of the Android system vs. iOS.)

The primary sin here by the party and app developers seems to be far too much belief in the power of obscurity. A well-coded app with a good authentication scheme could have been distributed through app stores weeks in advance and it would not have made any difference to the security--but would have made a huge difference in testing and user on-boarding.

[kunai]

The app commonly used for Democratic campaign on-ground canvassing, known as MiniVAN, is vetted, works well, and available through proper channels. There is no reason that that couldn't have been the case here. For something as mission-critical as this, the process to obtain the application involved needs to be clear as day. Most Android users do not sideload applications because of the inherent security risks. There are just colossal fuckups all the way down and a clear chain of incompetence at the core of this debacle.