Is Trump’s new White House app unsafe for your security and privacy?
Zach Laidlaw/The White House app on iOS
Privacy concerns?
From the moment the new White House app went live, sleuths on social media were quick to warn others not to download it, claiming it to be government spyware that can gather users’ private data.
Based on its privacy labels on the App Store and Google Play, the White House app may collect your email address and phone number (both optional) for marketing purposes as well as app usage data for analytics. Notable components missing from the data collection notice include precise location data, microphone access, camera access, photos access, and browsing history.
In other words, the White House app doesn’t have permission to listen to your conversations, spy on you through the camera, or see your exact location.
RELATED: How the FBI can flout Apple’s privacy tools
ugurhan/Getty Images
Going a step further, we took a look at the White House’s privacy page. Based on this information, the White House website (and by extension, the app) may collect the following that developers aren’t required to disclose directly on the app page:
- The device’s originating IP address
- The internet domain name
- Information about your computer or mobile setup (e.g., type and version of web browser, operating system, screen resolution, and connection speed)
- The pages on WhiteHouse.gov that you visit
- The internet address, or URL, of the website that connected you to the site if you accessed WhiteHouse.gov via a link on another page (i.e., “referral traffic”)
- The amount of data transmitted from WhiteHouse.gov to your computer
At first glance, none of these seem out of the ordinary. Practically all websites you visit log this information about your device and usage habits.
So the White House app is safe to use, right? Not so fast …
Secrets under the hood
A self-professed web designer and former reverse engineer that goes by “Thereallo” decompiled the Android version of the White House app to see exactly what its code entails. Thereallo makes several censorious claims about the app that earned the White House’s announcement a community note on X. The highlights include:
- Security risks driven by arbitrary JavaScript injection and an absence of certificate pinning that could leave the app open to hacks in the future.
- Dubious GPS tracking that logs the device’s location in the foreground (while the app is in use) every 4.5 minutes and in the background (while the app is not being used) every 9.5 minutes.
- User behavior tracking through various avenues, including cross-device aliases, notification interaction logs, in-app clicks, and more.
Note that these points were only confirmed in the Android version of the White House app. Due to the closed nature of Apple’s mobile platforms, decompiling iOS apps are far more complex.
So is the White House app really safe to use?
While the new White House app looks good on the surface, there are some inherent flaws within its code that could open users up to cyber security threats and data tracking. If you’d like to use the app, consider these options first:
- Enable a trusted VPN to mask your IP address from the app’s location-monitoring protocols.
- Revoke any permissions from that app that request location data or access to see nearby devices to ensure it can’t tap into your GPS data or connected Bluetooth devices.
- Install the app within a secure sandbox, either inside a Private Space on Android or within an iPhone that isn’t attached to your primary Apple account, to ensure any future cyber attacks on the app can’t attempt to access the rest of the data in your device.
- Don’t download the White House app. Simply visit whitehouse.gov for the latest information from the Trump administration.
If you’re still interested in checking out the White House app for yourself, you can download it from the Apple App Store for iPhone and the Google Play Store for Android.
Leave a Reply
You must be logged in to post a comment.