When it comes to the integrity of our elections, it’s important to remember that things can always get worse.

That painful truth was dragged deeper into our skulls today with the revelation that the broken app that was partly responsible for the February 3 disaster in Iowa Caucus also happened to be extremely hackable. That’s right, according to security researchers who analyzed the app’s code, bad actors could have changed the number of votes.

ProPublica reports that the security company asked Veracode to look over the IowaReporterApp. What Veracode certainly thought did not reassure. In addition to the fact that it is possible to change the polling stations, Veracode told ProPublica that passwords could have been intercepted.

It is important that there are currently no indications that voting volumes have been changed in this way. The fact that the app was designed in such a way that there could have been the astonishing negligence in the design and development process.

Speaking of which, the Iowa ReporterApp was created by a company named Shadow Inc. The company has posted a statement on its website in which it apologized for not passing on votes in time and accurately.

“We sincerely regret the delay in reporting the results of the Iowa caucuses last night and the uncertainty that this has caused for the candidates, their campaigns and democratic caucus visitors,” read the statement in part.

In particular, the statement does not relate to the alleged poor security of the app.

According to the New York Times, Iowa officials at Shadow Inc. Paid $ 63,183 to develop the app over the course of two months. ProPublica reports that officials from the Iowa Democratic Party have never hired the Department of Homeland Security on an offer to evaluate the app.

But wait, it becomes even more shady. Kasra Rahjerdi, an Android developer who has checked the code of the app, told Motherboard that it looks like the app was made by someone who is just learning to write code.

“To be honest, the biggest thing – I don’t want to throw it in the bus – but the app was clearly done by someone following a tutorial,” he partially told Motherboard. “I get deja vu from my lessons because the code looks like someone has Googleed things like” how to add authentication to React Native App “and follow the instructions.” Yikes.

Because the full results of the Iowa Caucuses have not been reported two days after the event, it is important to remember that an app should never have been used to report votes. A report from 2018 entitled “Securing the Vote: Protecting American Democracy” and published by the National Academies of Sciences, Engineering and Medicines, makes that clear.

“At present, the internet (or a network connected to the internet) may not be used for the return of marked ballots.”

Someone in the Democratic Iowa party had observed that warning. As it is, we are stuck in the aftermath of a broken and hackable app that kicked off the Democratic presidential primary.

And don’t forget, it can all get worse.

