Papers
Topics
Authors
Recent
Search
2000 character limit reached

Smartphone Democracy: Models & Methods

Updated 6 July 2026
  • Smartphone Democracy is a design space where smartphones serve as voting terminals, identity verifiers, and sensing devices for direct digital participation.
  • It spans diverse architectures—from client-server experiments to decentralized, serverless systems and urban context-aware platforms—enhancing secure and real-time civic engagement.
  • Empirical evaluations highlight its potential through tests in experimental voting, urban sensing, and cryptographic protocols despite ongoing challenges in privacy and vendor control.

SmartphoneDemocracy denotes a family of technical and institutional designs in which democratic participation is organized around the smartphone as the primary personal device for voting, deliberation, sensing, identity verification, and networked coordination. Across the literature, the term ranges from smartphone-centered experimentation with preferential voting rules, to situated urban participation tied to physical presence, to serverless grassroots governance and privacy-preserving e-voting on decentralized infrastructure. A recurrent premise is that democratic legitimacy in digital environments depends not only on social-choice rules, but also on device architecture, identity systems, privacy mechanisms, and the distribution of infrastructural control (Kunz et al., 2023, Shapiro, 2024, Pournaras, 2019, Jóźwik et al., 13 Jul 2025, Groschupp et al., 2021, Groschupp et al., 2022).

1. Conceptual scope

In research on digital democracy, SmartphoneDemocracy is closely associated with direct, digital participation in policy-making, citizens’ assemblies, participatory budgeting, elections, and related collective-choice settings. One line of work frames smartphones as the practical medium through which theoretical voting rules can be tested repeatedly in realistic settings; another treats the smartphone as the universal node of a distributed civic infrastructure; a third links participation to urban context and witnessable events in public space; and a fourth formalizes end-to-end verifiable e-voting directly from personal devices (Kunz et al., 2023, Shapiro, 2024, Pournaras, 2019, Jóźwik et al., 13 Jul 2025).

A central conceptual distinction concerns what, exactly, runs “on smartphones.” In VoteLab, the smartphone is the voter-facing endpoint of configurable campaigns and experiments. In Smart Agora, it is both a sensing device and a decision device tied to points of interest in the city. In the grassroots architecture, it is simultaneously identity, voting terminal, wallet, and node in a distributed system with no global shared resource. In the 2025 e-voting protocol titled “SmartphoneDemocracy,” it is also a cryptographic execution environment that performs registration, proof generation, vote encryption, and peer-to-peer ledger participation (Kunz et al., 2023, Pournaras, 2019, Shapiro, 2024, Jóźwik et al., 13 Jul 2025).

This literature also rejects the idea that SmartphoneDemocracy must always mean a single global application. The grassroots model instead describes many independent instances that can interoperate once interconnected, while federated assemblies use smartphones for identity, agenda setting, record-keeping, and economic transactions, but keep final votes at higher federated layers in-person and by show of hands. This suggests that SmartphoneDemocracy is not a single institutional template, but a design space spanning direct smartphone balloting, deliberative coordination, federated representation, and empirical experimentation (Shapiro, 2024).

Research line Smartphone role Democratic scope
VoteLab Native Android voting interface Experiments with voting methods
Smart Agora Sensing and decision device at POIs Augmented democracy in urban space
Grassroots architecture Node, wallet, identity, governance endpoint Local communities and federations
SmartphoneDemocracy protocol Cryptographic voter client and P2P peer Privacy-preserving e-voting
Ha’Midgam Polling client with live forecasts Real-time electoral measurement

2. Infrastructural architectures

VoteLab implements a comparatively classical client-server architecture optimized for repeated experimentation. Its three main parts are a native Android app built with Android Studio / Java, a back-end core with PostgreSQL, API handlers, and a vote processor, and a web dashboard built with Microsoft .NET for campaign design and monitoring. The app supports registration and login, tag subscription, campaign discovery, ballot casting, result viewing, and feedback; the server monitors campaigns and their closing dates and automatically computes aggregated results; and the dashboard exposes graphical tools for campaign creation, tag assignment, participation monitoring, and metadata collection. The architectural emphasis is low-friction experiment setup, smartphone responsiveness, campaign reusability, and publish-subscribe targeting through tags (Kunz et al., 2023).

The grassroots architecture is structurally different. It defines grassroots systems as distributed systems that can have many independent instances, depend on no global shared resource, and interoperate once interconnected. A grassroots platform is a serverless implementation of such a system that runs solely on the smartphones of its members, using only the Internet as a communication medium. Each phone maintains a local view of the blocklace, a block DAG whose blocks contain payloads and signed hash pointers to multiple predecessors. Because blocks commute in a partial order and the only operation is “add a block,” the blocklace is treated as a Conflict-free Replicated Data Type (CRDT). Dissemination is organized over a social graph by “cordiality”: when one agent sees a new block from another, it computes which blocks the other appears not to know and sends those (Shapiro, 2024).

Smart Agora introduces a layered urban architecture. Its physical layer includes points of interest and localization infrastructure such as GPS, and potentially LPWAN, Bluetooth beacons, or P2P ad hoc networks. A social and situation-awareness layer combines sensor fusion, behavior over time, peer-to-peer witnessing, and context challenges. A blockchain consensus layer validates presence claims through local validators and full nodes, and the application layer exposes the Smart Agora interface plus the DIAS decentralized aggregation overlay. This architecture makes participation place-sensitive and real-time: the city becomes the Agora, and smartphone-triggered interactions become micro-decisions and reports anchored in physical public space (Pournaras, 2019).

The 2025 SmartphoneDemocracy protocol uses yet another architecture: the EUDI Wallet for identity presentation, a Verifier for one-time registration, BBS-signed anonymous credentials for unlinkable eligibility, TrustChain as a peer-to-peer public bulletin board, and additively homomorphic encryption with threshold key shares for tallying. Here, smartphones are both cryptographic clients and TrustChain peers, and the public bulletin board is explicitly decentralized rather than server-hosted (Jóźwik et al., 13 Jul 2025).

3. Participation and decision workflows

VoteLab formalizes a smartphone workflow for comparative voting experiments. After app download and login, authentication uses email as verification method. Users then subscribe to tags representing topics or groups and receive active campaigns matching those tags. Ballots are rendered with widgets that depend on the voting rule: majority voting as single-choice selection, combined approval and score voting as multiple sliders or buttons with allowed discrete values, and modified Borda as multi-selection with automatic scoring. After campaign closure, users can view aggregate results and provide feedback on satisfaction, perceived fairness or legitimacy, and clarity of procedure (Kunz et al., 2023).

The voting methods themselves are explicitly modular. The paper focuses on four mechanisms: majority voting with input domain

mv={0,1},mv = \{0,1\},

combined approval voting with

cav={0,0.5,1},cav = \{0,0.5,1\},

score voting with

sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},

and modified Borda count with the same score set as score voting but with scores adjusted depending on how many options are selected. For score voting, aggregate scores per option are

Sj=i=1nsij,S_j = \sum_{i=1}^{n} s_{ij},

where sijsvs_{ij} \in sv. Each method is implemented as a module that defines its score set, ballot-validation rules, and aggregation procedure, and the platform supports within-subjects comparison of multiple methods for the same question (Kunz et al., 2023).

Smart Agora’s workflow is geographically situated rather than campaign-centered. An interactive map displays points of interest, and when a POI falls inside the user’s localization radius, the app triggers questions associated with that place. Three navigation modes are defined: Arbitrary, Sequential, and Interactive. Citizens can answer questions about urban qualities, transport choices, policy priorities, or disaster damage while the device simultaneously collects sensor data relevant to witness-presence verification and richer analytics (Pournaras, 2019).

A further workflow appears in smartphone polling rather than voting. Ha’Midgam allowed users to continuously report intended votes, immediately displayed a forecast screen with projected Knesset seats, and treated the latest vote per device ID as the current intention. On Android, users were also asked which party they voted for in the 2013 election and whether they abstained in 2013. This produced a form of real-time democratic measurement rather than a binding decision procedure (Ram et al., 2015).

The grassroots architecture generalizes these workflows into digital social contracts. In that model, membership, jurisdiction, and decision rules are specified in code; each member’s phone participates in consensus; and higher-level choice procedures may include sybil-resilient status-quo voting, aggregation over metric spaces,

argminxXi=1nd(x,xi),\arg\min_{x \in X} \sum_{i=1}^{n} d(x,x_i),

and deliberative coalition formation. This moves SmartphoneDemocracy beyond ballot casting toward structured algorithmic deliberation (Shapiro, 2024).

4. Identity, privacy, and verifiability

Identity and uniqueness are central problems for SmartphoneDemocracy, and the literature offers several distinct solutions. In VoteLab, privacy is addressed at the application level: the paper stresses that “the privacy of votes and voters’ anonymity is preserved,” while organizer-side configuration and metadata collection remain configurable. The authentication mechanism, however, is only email verification, which the authors treat as insufficient for binding elections (Kunz et al., 2023).

Smart Agora addresses authenticity through proof of witness presence. A valid action must carry location, time, context or situation awareness, and cryptographically verifiable evidence that nearby infrastructure or devices participated in the measurement. GPS alone is treated as insufficient because of spoofing, jamming, centralization, coverage, and accuracy limitations. The architecture therefore uses validators, clock synchronization, signed receipts, and protocol rules tied to physical proximity. Privacy-preserving mechanisms discussed include self-sovereign identities, zero-knowledge proofs, pseudonymity with rotation, and local or federated processing (Pournaras, 2019).

The 2025 SmartphoneDemocracy protocol integrates these concerns into a single formal flow. During registration, the Verifier extracts a unique Person Identifier (PID) from the EUDI credential and computes a verifier-side nullifier

vnf=H(PIDidE),v_{nf} = H(\text{PID} \Vert id_E),

preventing more than one registration per person per election. It then issues a BBS-signed credential with attributes {secret_id,election_id,issuance_timestamp}\{\text{secret\_id}, \text{election\_id}, \text{issuance\_timestamp}\}. On-chain registration publishes

Txreg=(cm, proofreg),Tx_{reg} = (cm,\ \text{proof}_{reg}),

where cm=Commit(secret_id)cm = Commit(\text{secret\_id}). Voting publishes

cav={0,0.5,1},cav = \{0,0.5,1\},0

with vote nullifier

cav={0,0.5,1},cav = \{0,0.5,1\},1

ciphertext cav={0,0.5,1},cav = \{0,0.5,1\},2, and a Groth16 proof that the voter knows a registered commitment, that the nullifier is correct, that cav={0,0.5,1},cav = \{0,0.5,1\},3 encrypts a valid choice, and that the choice belongs to the valid choice set. Tallying uses an additively homomorphic threshold generalized Paillier scheme, so that ciphertexts combine publicly and only threshold shares can reveal the final sum (Jóźwik et al., 13 Jul 2025).

The grassroots architecture addresses integrity and fault tolerance one layer below voting. Every smartphone holds a long-term keypair, every block is signed, and hash pointers make the blocklace tamper-proof and non-repudiable. Equivocation exclusion relies on the fact that for cav={0,0.5,1},cav = \{0,0.5,1\},4 agents with at most cav={0,0.5,1},cav = \{0,0.5,1\},5 Byzantine agents, a fault-resilient supermajority is any fraction cav={0,0.5,1},cav = \{0,0.5,1\},6, and any two such supermajorities intersect in at least one correct node. This provides a basis for consensus and state-machine replication on smartphones without a global server (Shapiro, 2024).

5. Empirical systems and evaluations

VoteLab’s proof-of-concept is an online lab experiment conducted in 2021 with 120 participants. It used four COVID-19 questions, each with five options, and four voting methods—majority voting, combined approval voting, score voting, and modified Borda count—in a within-subjects design where each participant answered each question under all four methods. For a question cav={0,0.5,1},cav = \{0,0.5,1\},7, method cav={0,0.5,1},cav = \{0,0.5,1\},8, and option cav={0,0.5,1},cav = \{0,0.5,1\},9, the analysis computes

sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},0

Consistency across methods is then summarized by rank. The main empirical observations are that voting methods were more consistent in disagreements than in agreements, that the “protection” question showed the highest consistency, and that the “vaccine” question showed the lowest mean consistency. The metadata pipeline also records decision times and changes of choice, which the paper treats as proxies for choice complexity and preference stability (Kunz et al., 2023).

Smart Agora reports two concrete case studies. In the sustainable transport testnet, 6 test users in Zurich interacted with two POIs—Zurich Hauptbahnhof and ETH Zurich Hauptgebäude—and DIAS computed the average sustainability score across users currently localized in either POI. The resulting mean values were 3.8 for Zurich Hauptbahnhof and 4.17 for ETH Hauptgebäude. In the cycling-risk study, 11 test users cycled a route with four spots whose official risk values were 1.36, 0.42, 6.21, and 8.31. Mean perceived risk versus official risk reached Pearson correlation approximately 0.94 and Spearman correlation 1.0; median perceived risk versus official risk reached Pearson correlation approximately 0.85 and Spearman correlation 1.0. The authors interpret this as evidence that witness-presence-constrained smartphone reports can approximate official safety data (Pournaras, 2019).

Ha’Midgam provides an earlier empirical example centered on electoral forecasting rather than formal voting. By 16 March 2015 the app had been downloaded by over 7,500 users, while the main 2013-vote-based correction relied on approximately 2,447 respondents. The method constructs a counts matrix sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},1, column-normalizes it into a transition matrix

sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},2

and multiplies by the official 2013 results vector sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},3 to obtain a forecast

sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},4

The authors explicitly reinterpret this as post-stratification with respondent weights sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},5, where sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},6 is the number of respondents reporting party sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},7 in 2013. The study emphasizes that smartphone-based polling can be continuous, real-time, and low-cost, but also that it is vulnerable to self-selection, age bias, turnout mis-modeling, and device-ID-limited manipulation (Ram et al., 2015).

The 2025 SmartphoneDemocracy protocol adds performance evidence for privacy-preserving mobile cryptography. Approximate transaction sizes are 1.3 KB for registration, 1.1 KB for voting, and 1.0 KB for tally shares. For sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},8 voters and sv={0,0.2,0.4,0.6,0.8,1},sv = \{0,0.2,0.4,0.6,0.8,1\},9 tally participants, total ledger data are approximated as

Sj=i=1nsij,S_j = \sum_{i=1}^{n} s_{ij},0

For Sj=i=1nsij,S_j = \sum_{i=1}^{n} s_{ij},1 and Sj=i=1nsij,S_j = \sum_{i=1}^{n} s_{ij},2, this yields around 2.4 GB on the ledger. On a Raspberry Pi 5 with ARM 8GB, BBS operations run in the millisecond range, and representative Groth16 vote-proof generation is reported as under 1 second, supporting the claim that the cryptographic workload is feasible for medium- to large-scale elections (Jóźwik et al., 13 Jul 2025).

6. Sovereignty, federation, and open problems

A recurring theme is that SmartphoneDemocracy depends on who governs the smartphone itself. The “Sovereign Smartphone” architecture argues that current smartphones are a duopoly infrastructure dominated by iOS and Google-controlled Android, and defines a target architecture with full user control, LOS protection, sapp protection, execution without leaking sapp identity, and a limited TCB. Its design centers on a small Security Monitor (SM), hardware-backed isolation on ARM and RISC-V, and sovereign apps (sapps) that can run outside the legacy operating system’s control, including with exclusive peripheral access. This reframes democratic control as a platform-governance problem: users, not OS vendors, should be the ultimate authority over software, hardware resources, and data (Groschupp et al., 2021).

TEEtime develops this into a concrete smartphone architecture based on Armv8-A trusted execution. It is described as the first TEE architecture that allows isolated execution domains to gain protected and direct access to peripherals, while maintaining compatibility with the existing smartphone ecosystem and without relying on virtualization. A small extended secure monitor in EL3 creates domains, configures memory, peripheral, and interrupt isolation, and keeps manufacturer services, legacy OSes, and user-controlled sensitive applications as peers rather than as a hierarchy in which one stakeholder is structurally above the others. The implementation reports approximately 859 new LoC on top of TF-A and demonstrates exemplary sensitive applications, but it also explicitly provides no guarantees on availability (Groschupp et al., 2022).

At the institutional level, the grassroots architecture proposes Grassroots Federated Assemblies. Local communities govern themselves democratically on smartphones and can federate upward; yet at federated layers the governing assembly is intentionally small enough that votes are taken in-person, by show of hands. The explicit justification is to address two major problems: Sybil attacks and the well-known problems of large-scale online voting. This is an important qualification within the SmartphoneDemocracy literature: some proposals extend smartphone mediation very far, but deliberately stop short of universal remote final balloting at every scale (Shapiro, 2024).

Across the literature, several limitations recur. VoteLab notes that email verification is insufficient for binding elections and flags digital divide, misinformation, and manipulation as future-work concerns. Smart Agora highlights localization security, scalability, privacy risks, and the danger of function creep. Ha’Midgam emphasizes non-representative samples, turnout bias, and the vulnerability of device-ID-based participation to coordinated gaming. The 2025 SmartphoneDemocracy protocol acknowledges a still-centralized Verifier, partial implementation of full tallying integration, and that receipt-freeness does not amount to full coercion resistance. Sovereign-phone architectures confront hardware support, secure UI, deployment incentives, and the possibility that vendors resist ceding control. Taken together, these constraints suggest that SmartphoneDemocracy is best understood not as a finished institutional form, but as an evolving research program spanning social choice, distributed systems, mobile security, cryptography, urban sensing, and platform governance (Kunz et al., 2023, Pournaras, 2019, Ram et al., 2015, Jóźwik et al., 13 Jul 2025, Groschupp et al., 2021, Groschupp et al., 2022).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to SmartphoneDemocracy.