That new White House app looks all sorts of problematic under the hood
Source: Android Authority
TL;DR
- The White House launched a new app for Android and iOS last week.
- At first glance, the app appeared to be a simple aggregator of already‑available news sources.
- A recent teardown shows the app was put together with several concerning practices.
Overview
Last week the current U.S. administration released an official White House app for Android and iOS. Initial impressions suggested it was little more than a low‑effort wrapper that aggregates content already available elsewhere. Over the weekend, developers began dissecting the app to understand how it works, uncovering a number of security‑related issues.
Teardown Findings
Core Platform
The app is essentially a WordPress‑powered content portal. This aligns with its stated purpose of delivering White House news and information.
Custom JavaScript Injection
The app includes a routine that injects custom JavaScript into any web pages it loads. This is used to bypass GDPR notices, cookie banners, and even login screens. While technically feasible, such behavior raises privacy concerns and may violate the terms of service of external sites.
External Code Loading
A significant amount of code is loaded at runtime from external, third‑party repositories. The app assumes these resources are secure, but any compromise of those repositories could expose White House app users to malicious code—a serious security risk for a government‑issued application.
Location Tracking
The app requests location permissions and contains infrastructure that could regularly collect user location data. Although the functionality is not inherently malicious, users should be aware that the app is capable of tracking their whereabouts.
Conclusion
The execution of the new White House app is problematic due to questionable security practices and a lack of respect for third‑party intellectual property. These issues undermine confidence in an official government application.