I'm an Estonian and have been enjoying all these benefits for many years already. Can't really imagine a life without them :)
Here are my replies to your questions:
* The mobile company does not have access to your data. They just issue a special SIM card that stores your private keys. Contrary to what the article states, there is actually also a small piece of software installed on your phone that is later used for authentication and signing.
The way it works is that you go to a site where you want to log in (I'll use the Estonian government portal https://www.eesti.ee/eng/ as an example here), you press Enter (or "Log in" or whatever the button is called on the site) and choose "Login with mobile-ID". In the Estonian government portal both your phone number and personal code are asked as "usernames" but some sites might ask for either one of them (depends on the site's owner). Then after a few seconds your phone will display a screen showing that a connection is being made.
At the same time you will be shown a "control code" on the browser screen that you will have to confirm on your phone. This is done in order to prevent some forms of man-in-the-middle attacks. Then you're prompted to enter a mobile-ID PIN1 code (used for authentication) into the phone. If PIN1 is correct, the screen on the phone disappears and the website is automatically reloaded with a logged-in screen. You can cancel the authentication procedure at any moment. PIN2 is used for signing and works the same.
* Obviously it would take a lot of time to answer all the problems posed in Wikipedia. I would disagree, however, that Estonian e-elections are easy to tamper with. As Estonia is at the forefront of e-voting in the world, all these problems are addressed and analysed in great detail by our Electronic Voting Committee (http://vvk.ee/general-info/electronic-voting-committee/) that involves leading e-voting experts in its work. There have been many debates about e-voting and rulings by our Supreme Court. The process of e-voting is very transparent (you can start reading about it here: http://vvk.ee/voting-methods-in-estonia/engindex/), it's heavily audited before, during and after the voting, the software is open-sourced (https://github.com/vvk-ehk/evalimine) and very well documented.
But to give a very high-level answer to your question about recounting the votes - there are many different applications and servers used in the e-voting process that keep traceable logs. If recounting is needed then these log files are used in order to determine if votes were tampered with in some constituency.
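The control-code step described in the comment above, as an added example that is not part of the original comment and not the Mobile-ID project's code. It assumes the site hashes a fresh random challenge per login and that the 4-digit code is taken from the first and last bytes of that digest; the function names and sample digests are hypothetical.

```python
import hashlib
import secrets


def control_code(digest: bytes) -> str:
    """Short code for a human to compare: 6 high bits of the first digest
    byte and 7 low bits of the last, as a zero-padded 4-digit number.
    (Assumed derivation; the comment does not say how the code is computed.)"""
    value = ((digest[0] & 0xFC) << 5) | (digest[-1] & 0x7F)
    return f"{value:04d}"


def start_login() -> bytes:
    """Site side: fresh random challenge per login attempt, hashed to the
    digest that the phone is later asked to sign with the PIN1 key."""
    return hashlib.sha256(secrets.token_bytes(32)).digest()


def codes_match(browser_digest: bytes, phone_digest: bytes) -> bool:
    """The user's check: enter PIN1 only if the phone shows the same code
    as the browser, i.e. the prompt belongs to this login attempt."""
    return control_code(browser_digest) == control_code(phone_digest)


# Constructed digests (not real traffic) so the results are reproducible.
OWN_SESSION = bytes([0x04]) + bytes(30) + bytes([0x01])    # code 0129
OTHER_SESSION = bytes([0xFF]) + bytes(30) + bytes([0xFF])  # code 8191

if __name__ == "__main__":
    d = start_login()
    print("browser shows:", control_code(d), "| phone shows:", control_code(d))
    print("same session accepted:", codes_match(OWN_SESSION, OWN_SESSION))
    print("foreign prompt accepted:", codes_match(OWN_SESSION, OTHER_SESSION))
```

In this model the code carries only 13 bits, so it ties a phone prompt to one browser session rather than acting as a secret; PIN1 is still what authorises the login.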
1) Instead of building an API for your project, you can start using Zazler as a ready-made API. It acts as a web server that can be installed locally and configured directly to a SQL database (a legacy database or a new one; we're currently supporting PostgreSQL, MySQL, SQLite and MSSQL), so that makes it cross-platform. (Of course you can also build a proxy with node or nginx on the server's port if that's necessary.)
2) Database queries are defined as URLs per HTTP request, using a query syntax very similar to SQL. This allows the user of an app to write necessary queries, hence extend the app on the client-side. Complex joins, filters and similar stuff are supported.
3) Zazler comes bundled with many technical formats, data visualizations and app templates. And they are extendable, meaning the app's users themselves can decide how to view the data, even write their own formats and templates.
4) The feedback we've received from backend developers is that it will save them many, many hours of boilerplate coding. So it can also serve as a development platform that can be used to write database queries using URLs instead of writing boilerplate backend code. You can basically set it up and let the frontend technician take over the work from there.
5) We've used a similar architecture for the last 6 years in our projects, so it's pretty mature. Now we're releasing Zazler as a beta to the public and planning to launch it as a separate product in 2014.
I've written a blog post where I describe Zazler's approach in more detail: "API Creation – the Missing Link in API Management" http://www.zazler.com/?p=115