Why shortcuts lead to failure: Lessons from app disaster in Iowa caucus

Quality control and standard software dev process could have prevented extended delays in reporting the results of the 2020 Iowa Caucus.

The Democratic candidates are still waiting to hear who won in Iowa, and poor software development practices are to blame. Apparently the app was deployed through mobile testing platforms, not the App Store or the Play Store. Companies have been abusing that distrubution method to get around the quality control processes built into the more formal distribution methods.

Here are the lessons to take away from the mistakes the Iowa Democratic Party made and advice on how to avoid a similar disaster.


AVOID SHORTCUTS AND UNNECESSARY COMPLEXITY

Brain Foster, a senior vice president at MobileIron, said that it appears that the caucus app was overly complicated and required too many steps to log on, including email and password,   two-factor authentication, and a precinct PIN.
 
"This is where innovative capabilities that eliminate passwords and enable frictionless secure authentication, like zero sign-on, are critical," he said.

Peter Klayman, the practice lead for business strategy at Bottle Rocket, said it appears that the app didn't get any quality assurance testing or user testing.

"Developers should ideally combine automated tests and manual testing to ensure their app is of the highest possible quality and determine if the servers supporting their app is agile enough to cope during high-traffic hours," he said.

Robert Ross, the CTO of Curtail, said the failure at the Iowa caucus shows the risk of developing software on shorter, riskier timelines and waiting to identify and fix problems when the systems break, as opposed to resolving the problems before releasing the software.

"Software developers can avoid these problems by allowing time for a dry run of the software at scale including manual and automated client testing along with load testing of the service," he said.

Klayman also said that investing in training materials and training sessions with users is insurance against embarrassment.

"It is paramount for developers to take the extra time to understand the best experience for the user, and bullet-proof the build of that experience to avoid reputational damage," he said.

Foster also said that a new app takes between six and nine months to develop, not two.


BEST PRACTICES FOR RELEASING AN APP: TEST, TEST, AND TEST MORE

Using applications for elections is a good idea as long as the software is well-built. Bob Davis of Plutora said modern software processes require security, compliance, and governance to be built in from the start as well as testing throughout. 

Oren Rubin, CEO of Testim, agreed, adding that business owners should take a lesson from the Iowa Democratic Party's mistakes about the significance of testing at all levels: Unit testing, integration testing, functional testing, end-to-end testing, security testing, performance, and scalability testing.

"The test plan must match or at least approximate the target environment including devices, network connectivity, data transfer size, user skills and more," he said. 
 
Foster of MobileIron said that an app should be deployed as part of a mobile application management (MAM) strategy to streamline deployment and updates and improve security. 

"It will ensure that only trusted users can access the data through secured devices, apps, networks and clouds," he said.

Foster added that work is never done for mobile app developers. 

"Even after an app is launched, app developers must continuously review how their solution is performing — not just to meet the needs of end users and IT admins, but to also address the constantly shifting threat landscape," he said.

This piece was originally published on www.techrepublic.com by Veronica Combs