South African Electoral Commission’s mobile app for voters: Data privacy and security dimensions

Authors

DOI:

https://doi.org/10.23962/ajic.i34.18132

Keywords:

elections, voters, technology, mobile apps, data privacy, data security, South Africa, Electoral Commission, IEC

Abstract

In 2014, the Electoral Commission of South Africa (also known the “IEC”) launched a mobile app to support voter participation in electoral processes. The app, called IEC South Africa, can be used to verify, update, and confirm a voter’s registration details and voting station. It also provides an interface for special-vote applications and real-time election results. This study conducted a privacy and security analysis of the app, through a compliance review of the IEC’s privacy policy in terms of the South African data protection legislation, followed by an analysis of the app’s APK files, permissions, third-party trackers, and vulnerabilities, including API (application programming interface) calls. The analysis revealed several security and privacy concerns, including inadequately secured API keys, the potential for unauthorised access, and the potential for data breaches. In addition, the presence of advertising and analytics trackers suggested third-party data-sharing, raising concerns about transparency and user consent. The study draws attention to the need for the IEC to take action to address the app’s security and privacy weaknesses. The study also demonstrates the importance of data minimisation, transparent practices, and adherence to privacy policies in order to maintain user trust and security in electoral technology.

References

Akokpari, J. (2012). Is electoral politics a new source of human insecurity in Africa? Afro Asian Journal of Social Sciences, 3(2), 1–24.

Alepis, E., & Patsakis, C. (2019). Unravelling security issues of runtime permissions in Android. Journal of Hardware and Systems Security, 3, 45–63. https://doi.org/10.1007/s41635-018-0053-2

Android Developers. (n.d.-a). Android debug bridge (adb). https://developer.android.com/tools/adb

Android Developers. (n.d.-b). Permissions on Android. https://developer.android.com/guide/topics/permissions/overview

Autili, M., Malavolta, I., Perucci, A., Scoccia, G. L., & Verdecchia, R. (2021). Software engineering techniques for statically analyzing mobile apps: Research trends, characteristics, and potential for industrial adoption. Journal of Internet Services and Applications, 12(3), 1–60. https://doi.org/10.1186/s13174-021-00134-x

Barnes, A., Brake, C., & Perry, T. (2016). Digital voting with the use of blockchain technology. Plymouth University. https://www.economist.com/sites/default/files/plymouth.pdf

Bassey, I., & Netshipise, N. (2013). Extending e-democracy to enhance voter registration and identification: South Africa elections perspective. International Journal of Computer Science & Engineering Technology, 4(1), 35–43.

Carolan, L. (2015, December 10). Why data was crucial to Burkina Faso’s first election since uprising. Data Blog. World Bank. https://blogs.worldbank.org/en/opendata/why-data-was-crucial-burkina-faso-s-first-election-uprising.

Carolan, L., & Wolf, P. (2017). Open data in electoral administration. International IDEA. https://doi.org/10.31752/idea.2017.5

Cheeseman, N., Lynch, G., & Willis, J. (2018). Digital dilemmas: The unintended consequences of election technology. Democratization, 25(8), 1397–1418. https://doi.org/10.1080/13510347.2018.1470165

Cote, C. (2021, October 26). What is predictive analytics? 5 examples. Business Insights Blog. Harvard Business School Online.

Debos, M. (2016, May 4). Biometric voting in Chad: New technology, same old political tricks. The Conversation. https://theconversation.com/biometric-voting-in-chad-new-technology-same-old-political-tricks-58663

Enguehard, C. (2008). Transparency in electronic voting: The great challenge. Paper presented to Conference on “E-democracy – State of the art and future agenda”, 22–24 January, Stellenbosch, South Africa.

Evrensel, A. (Ed.) (2010). Voter registration in Africa: A comparative analysis. Electoral Institute for the Sustainability of Democracy in Africa (EISA). https://www.eisa.org/wp-content/uploads/2023/05/edited-volume-2010-voter-registration-comparative-analysis-south-africa-eisa-publication.pdf

Fall, I. M., Hounkpe, M., Jinadu, A. L., & Kambale, P. (2011). Election management bodies in West Africa: A comparative study of the contribution of electoral commissions to the strengthening of democracy. Open Society Foundations. https://www.africanminds.co.za/wp-content/uploads/2016/05/9781920489168_txt.pdf

Gelb, A., & Diofasi, A. (2016). Biometric elections in poor countries: Wasteful or a worthwhile investment? Center for Global Development. https://doi.org/10.2139/ssrn.2848544

Gentile, B. (2010, September 30). Transparency, participation, and collaboration: The distinguishing principles of open source. opensource.com. https://opensource.com/principles

IEC: Electoral Commission of South Africa. (n.d.). Disclaimer. https://www.elections.org.za/pw/Disclaimer

IEC: Electoral Commission of South Africa. (2021, July 14). Electoral Commission launches online voter registration. https://www.elections.org.za/content/About-Us/News/Electoral-Commission-Launches-Online-Voter-Registration/

International Institute for Democracy and Electoral Assistance (International IDEA). (2011). Introducing electronic voting: Essential considerations. https://www.idea.int/sites/default/files/publications/introducing-electronic-voting.pdf

International IDEA. (2024). ICTs in elections database [Dataset]. https://www.idea.int/data-tools/data/icts-elections

Iwuoha, V. C. (2018). ICT and elections in Nigeria: Rural dynamics of biometric voting technology adoption. Africa Spectrum, 53(3), 89–113. https://doi.org/10.1177/000203971805300304

Jones, S. (2017). Digital solutions for political finance reporting and disclosure: A practical guide. International IDEA.

Khumalo, J. (2021, November 1). IEC defends faulty Voter Management Devices amid party complaints, reports of issues. News24. https://www.news24.com/news24/southafrica/news/iec-defends-faulty-voter-management-devices-amid-party-complaints-reports-of-issues-20211101

LinkedIn. (n.d.). Quick Android review kit (QARK). Github. https://github.com/linkedin/qark

Micheni, E., & Murumba, J. (2018). The role of ICT in electoral processes: Case of Kenya. In 2018 IST–Africa Week Conference (IST–Africa) (pp. 1–11), Gaborone. https://ieeexplore.ieee.org/abstract/document/8417188

Mozaffar, S. (2002). Patterns of electoral governance in Africa’s emerging democracies. International Political Science Review, 23(1), 85–101. https://doi.org/10.1177/0192512102023001005

Maseko, M. (2024). Voter management devices in South Africa’s elections, 2021–2024. Journal of African Elections, 23(1), 25-48. https://doi.org/10.20940/JAE/2024/v23i1a3

Moyo, A. (2024, March 11). InfoReg demands answers on political candidate lists leak. ITWeb. https://www.itweb.co.za/article/inforeg-demands-answers-on-political-candidate-lists-leak/JBwEr7n3eaaM6Db2

Mulholland, P. (2021, January 26). Estonia leads world in making digital voting a reality. Financial Times. https://www.ft.com/content/b4425338-6207-49a0-bbfb-6ae5460fc1c1.

Mzekandaba, S. (2021, November 5). New tech “catapulted” electoral management, says IEC. ITWeb. https://www.itweb.co.za/article/new-tech-catapulted-electoral-management-says-iec/JN1gP7OYgWwqjL6m

Obiefuna-Oguejiofor, O. (2018). Advancing electronic voting systems in Nigeria’s electoral process: Legal challenges and future directions. Journal of Sustainable Development Law and Policy, 9(2), 187–219. https://doi.org/10.4314/jsdlp.v9i2.10

Power, S., Khumalo, S., & Trott, W. (2021, May 24). Democracy 2.0: Digital voting systems. alt.advisory. https://altadvisory.africa/2021/05/24/democracy-2-0-digital-voting-systems

Republic of South Africa (RSA). (2013). Protection of Personal Information Act 4 of 2013 (POPIA). https://popia.co.za

SAnews.gov.za. (2014, May 4). IEC releases mobile phone apps. https://www.sanews.gov.za/south-africa/iec-releases-mobile-phone-apps

Schaffer, F. C. (2008). The hidden costs of clean election reform. Cornell University Press.

Tambanis, D. (2019, February 5). Election voting: Blockchain case studies. Medium. https://medium.com/bpfoundation/election-voting-blockchain-case-studies-18321c379529

Trummer, T. (2015, August 17). Introducing QARK: An open source tool to improve Android application security. https://security.linkedin.com/content/security/global/en_us/index/posts/2015/introducing-qark

UN Development Programme (UNDP). (2021, November 17.) AI-powered fact-checking tool iVerify, piloted during Zambia election, shows global promise.

Downloads

Published

28-12-2024

Issue

No. 34 (2024)

Section

Research Articles

License

Copyright (c) 2024 Nawal Omar, Scott Timcke

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

“South African Electoral Commission’s mobile app for voters: Data privacy and security dimensions” (2024) The African Journal of Information and Communication (AJIC), (34), pp. 1–21. doi:10.23962/ajic.i34.18132.
Views
  • Abstract 43
  • PDF 8