Trump's new White House app is a security and privacy nightmare
Source: Mashable Tech
Overview
President Donald Trump’s new White House app was released for iOS and Android devices. The official White House account on X promoted the app, stating it would live‑stream and provide real‑time updates “straight from the source.”
However, downloading the app grants the Trump administration access to a substantial amount of user data.
Permissions Requested
The app requests permission to:
- Access precise location data
- Read network connections
- Use fingerprint and biometric data
- Prevent the device from sleeping
- Modify or delete contents of shared storage
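One way to review a permission list like the one above is to audit the app's decoded manifest, shown here as an added example that is not from the article or the analysis it cites. The mapping from the article's descriptions to Android permission constants is the editor's assumption, the manifest is a constructed sample rather than the real app's, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: article description -> Android constant and the platform
# protection level ("dangerous" permissions need a runtime prompt on Android 6+).
KNOWN = {
    "android.permission.ACCESS_FINE_LOCATION": ("precise location", "dangerous"),
    "android.permission.ACCESS_NETWORK_STATE": ("read network connections", "normal"),
    "android.permission.USE_BIOMETRIC": ("biometric hardware", "normal"),
    "android.permission.USE_FINGERPRINT": ("fingerprint hardware", "normal"),
    "android.permission.WAKE_LOCK": ("prevent device from sleeping", "normal"),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("modify/delete shared storage", "dangerous"),
}

# Constructed sample manifest (hypothetical package name, not the real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.USE_FINGERPRINT"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission-sdk-23 android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="com.example.constructed.CUSTOM"/>
</manifest>
"""

def audit_permissions(manifest_xml):
    """Group declared permissions by protection level, de-duplicated and sorted."""
    root = ET.fromstring(manifest_xml)
    report = {"dangerous": set(), "normal": set(), "unclassified": set()}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if not name:
                continue  # malformed entry without android:name
            level = KNOWN.get(name, (None, "unclassified"))[1]
            report[level].add(name)
    return {level: sorted(names) for level, names in report.items()}

if __name__ == "__main__":
    for level, names in audit_permissions(SAMPLE_MANIFEST).items():
        for name in names:
            print(f"{level:12} {name}  ({KNOWN.get(name, ('not in mapping',))[0]})")
```

Anything reported as unclassified needs a manual look, since custom or vendor permissions are outside the mapping.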
Findings from Security Analysis
Data Collection
X user @Thereallo1026 decompiled the app and discovered that it shares the exact location of users every 4.5 minutes with a third‑party server. The server belongs to OneSignal, a push‑notification service that can use location data for targeted campaigns. This raises concerns because the app encourages users to report individuals to Immigration and Customs Enforcement (ICE).
Third‑Party Content Loading
The analysis also revealed that the app loads YouTube video embeds from a personal GitHub page belonging to an unrelated user. If that GitHub account were compromised, an attacker could serve arbitrary HTML and JavaScript to every app user.
In‑App Browser Modifications
The app’s built‑in web browser injects CSS and JavaScript that removes:
- Cookie consent prompts
- GDPR banners
- Login forms
- Paywalls on third‑party websites
Security and Privacy Implications
- Location tracking: Continuous precise location reporting can be used to monitor users’ movements.
- Third‑party reliance: Dependence on OneSignal and an external GitHub page introduces additional attack vectors.
- Content manipulation: Removing consent and security prompts undermines user privacy protections and could expose users to malicious content.
Conclusion
If you choose to download the official White House app, be aware of the extensive permissions it requests and the potential security and privacy risks identified by independent analysis.