NewsNation

CBP failed to plan for risks in app used by migrants: Audit

Migrants hold up their phones showing the CBP One app at a shelter Sunday, Jan 22, 2023, in Tijuana, Mexico. A mobile app for migrants to seek asylum in the United States has been oversaturated since it was re-introduced in January in one of several major changes to the government's response to unprecedented migration flows. Hoping to get lucky when a new appointments are made available daily, migrants are increasingly frustrated by a variety of error messages. (AP Photo/Elliot Spagat)

(NewsNation) — Officials with the U.S. Department of Homeland Security detected vulnerabilities in a mobile app used by new arrivals who crossed the southern border illegally that is used to schedule appointments to present migrants for processing, according to an audit released this week.

The report, compiled by the DHS Inspector General’s Office, indicated the U.S. Customs and Border Protection did not thoroughly plan for risks within its CBP One app although it initially addressed weaknesses in the app.


Officials determined that CBP — the agency charged with safeguarding U.S. borders — did not formally address technological risks, which opened the information contained within the app to security risks, including susceptibility to exploitation and cyberattacks.

The Inspector General wrote that although the CBP One app uses biographic and biometric information submitted by users, the report determined that the app does not leverage the information to identify suspicious trends as part of the prearrival vetting process. Subsequently, Homeland Security identified potentially unrelated nonarrivals who repeatedly claimed U.S. residences as their intended address.

In addition, the technological breakdowns led to migrants experiencing crashes within the app, frequent error messages, language barriers and perhaps most importantly, not having had equal opportunities to secure appointments with border officials.

In response, Homeland Security officials wrote that CBP concurred with the findings and agreed to address the federal agency’s concerns.

What is the CBP One app used for?

U.S. Customs and Border Protection developed the CBP One app in October 2020 to serve as a single portal for a variety of agency services.

However, in 2023, the app was expanded to allow undocumented new arrivals to schedule appointments at one of eight entry points along the U.S. southern border. Because most of those crossing the border illegally do not have valid travel documents, border agents spend considerable time collecting and processing information regarding those crossing into the U.S., the report said.

The CBP One app streamlines the process by providing officers with advanced biographic and biometric information that is intended to reduce the burden of those vetting new arrivals at the border.

While the app originally only allowed noncitizens seeking an exception to the Centers for Disease Control and Prevention’s public health policy, the expanded version of the app allowed migrants who were seeking safe and orderly arrival into the U.S. the ability to schedule appointments.

According to the report, CPB processed more than 264,500 noncitizens who registered with the CBP One app between January and August of 2023.

CBP’s failure to mitigate tech risks

The Inspector General’s Office determined that CBP did not initially consider critical factors with the app’s design, including language translation and the ability to have equal opportunities to schedule appointments. As a result, app users experienced system crashes and error messages and often were not able to access their language on the app, the report said.

By failing to address potential risks, Homeland Security found that “CBP may be missing an opportunity” to use information stored in the app to improve the pre-vetting process.” As a result, Homeland Security officials detected security vulnerabilities within the CBP One app, the report said.

Additionally, CBP’s failure to plan for potential design flaws within the app’s Genuine Presence function, which is a security feature designed to ensure that the user is a real person, the report said. The function helps to ensure that the users are not “bad actors” using a fraudulent identity to secure an appointment with border officials.

In its response, CBP officials told Homeland Security they did not anticipate the “unprecedented demand” for appointments and did not warn contractors about the anticipated increase in app users.

The report indicated that CBP also failed to address other shortcomings, which led Homeland Security officials to determine that the app’s scheduling function was not fully ready to fulfill its purpose.  

Homeland Security officials wrote in the report that it recommends that CBP take a series of steps to improve the prearrival vetting process and mitigate vulnerabilities with the app. It ordered the agency to submit a report when the improvements have been made, providing evidence of completion of the agreed-upon actions.