The Internal Revenue Service’s IRS2Go smartphone application has been judged to be secure, but a new government report criticizes the agency for using a non-approved programming development language and skirting the traditional approval process.
The IRS released its IRS2Go mobile app for the Apple iPhone and Google Android smartphones in January (see
In a new
The IRS told TIGTA that it made a risk-based decision not to pursue the waivers because of the time constraints under which the project operated. However, the IRS could not provide any documentation of that risk-based decision, and the agency informed TIGTA’s inspectors that it was a verbal decision.
TIGTA also found that the IRS did not comply with Office of Management and Budget Circular A-130 regulations, which require senior officials to approve the application before its public release. While the IRS2Go app did not have any significant security issues when it was released to the public, using a system development approach that does not comply with the OMB regulations increases the risk that applications released to the public may contain security or privacy weaknesses, the report noted.
“The IRS is to be commended for using technology to make tax information more accessible to taxpayers,” TIGTA Inspector General J. Russell George said in a statement. “However, I am troubled that the IRS took some shortcuts in developing the application. While no significant security problems were identified, development of future smartphone applications should follow approved processes to avoid introducing unnecessary risk into the development process.”
TIGTA recommended that the IRS follow software development processes and comply with policies when developing new smartphone apps. IRS officials agreed with the recommendations.
“As this is the first mobile application developed by the Internal Revenue Service we recognize we have more work to do to ensure we fully document our work and receive necessary waivers on a more timely basis under our rapid development process,” wrote IRS chief technology officer Terence V. Mulholland in response to the report.”