In 2014 the Independent Electoral Commission (IEC) released a mobile app for voters aimed at providing voter verification, election updates, confirmation of voters’ registration details, real-time election results and responses to special vote applications.
While the app was advertised as an important tool to support civic participation in South Africa’s democracy, upon review of its compliance with the IEC’s privacy policy in terms of the South African data protection legislation, RIA researchers Scott Timcke and Nawal Omar demonstrate numerous data privacy and security concerns.
Their research paper, titled South African Electoral Commission’s mobile app for voters: Data privacy and security dimensions, which was recently published in the African Journal for Information and Communication, unpacks the weaknesses of the IEC’s voter app.
Analysis of the app’s APK files, permissions, third-party trackers, and other vulnerabilities including API (application programming interface) revealed the following:
- Inadequately secured API keys
- Potential for unauthorised access
- Potential for data breaches
- Susceptibility to analytics trackers that suggested third-party data-sharing
Timcke and Omar’s chapter raises concerns about user consent, trust and security in electoral technology, calling attention to the need for the IEC to take action while highlighting the importance of data minimisation, transparency and adherence to privacy policies.
This paper was originally published by the Link Centre of the University of Witwatersrand on 28 December 2024.
