Website vs. App Security Question

My daughter waited until the last minute to try and submit Financial Aid Form information to a https government website. Per Murphy’s law, the website is down indefinitely, but she needs it yesterday! Luckily, there is a government app that claims the data is encrypted, But, it is equally secure or better than the https website? Your educated, factual answers on this subject?

With https you know that they’re encrypting it over the wire, but that tells you nothing about how they’re storing it on the other end.

With the app, “it’s encrypted” could mean anything from that they’re encrypting over the wire to they’re encrypting data on the device to they’re encrypting data on the far end, it’s not clear. You would need further details.

In general, I would assume that the coders that the government has hired aren’t very good at their job and the data is insecure some way or another. Set up a password that isn’t shared with any other accounts that you have, and assume that your address, name, and finances are open to Russia no matter what you do. Fortunately, Russia is unlikely to show up at your bank to impersonate you. That sort of person is probably getting your financial details from your trash can.

I should also note that usually the app is just pulling webpages down from the same server as the website and is displaying them in a webview widget. This is easier for the developers to port features back and forth (because it’s all the same thing) and allows them to push out changes to the customer without having to force an app upgrade.

As such, I wouldn’t be surprised if the app isn’t working, if the website isn’t. And if it isn’t, then yeah, you’re probably going over https, but that’s not going to do you any good since the site/app aren’t working.