Motherboard asked six cybersecurity and app development experts we trust to analyze the app. The app was built on top of React Native, an open-source app development package released by Facebook that can be used for both Android and iOS apps, according to Kasra Rahjerdi, who has been an Android developer since the original Android project was launched, and Robert Baptiste, a white-hat hacker who has exposed security flaws in many popular apps and reviewed the code. Rahjerdi said that the app contains default React Native metadata and that it comes off as a “very very off the shelf skeleton project plus add your own code kind of thing.”
“Honestly, the biggest thing is—I don’t want to throw it under the bus—but the app was clearly done by someone following a tutorial. It’s similar to projects I do with my mentees who are learning how to code,” Rahjerdi said. “They started with a starter package and they just added things on top of it. I get deja vu from my classes because the code looks like someone Googled things like ‘how to add authentication to React Native App’ and followed the instructions,” Rahjerdi said.
“The mobile app looks hastily thrown together,” Dan Guido, CEO of cybersecurity consulting firm Trail of Bits, told Motherboard.
Hey, look at the bright side of the debacle. At least journalists are finally learning to code!