Affiliate links on Android Authority may earn us a commission. Learn more.
That new White House app looks all sorts of problematic under the hood
- The White House launched a new app for Android and iOS last week.
- At first glance, the app didn’t appear to offer much utility, only aggregating some already available news sources.
- Now a teardown confirms just how sloppily the app was put together.
Last week, the current US administration decided to distract everyone a little bit from the illegal war it’s waging by dangling a shiny, new app for us to try: the official White House app. We took a quick look at the “features” it offered at the time, and found it to be little more than a low-effort wrapper for aggregating content already available elsewhere. Over the weekend, developers had time to start peeling back the layers and seeing what makes the app tick, and their findings are only cause for further concern.
Don’t want to miss the best from Android Authority?
- Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
- You can also set us as a preferred source in Google Search by clicking the button below.
One of the best teardowns we’ve found was prepared by Thereallo, who shares a high-level analysis of what’s packed within this new release. The good news, as much as you can call it that, is that the app largely appears to be what it purports to be: At its heart, this is a WordPress-powered content portal.
Of course, this is also an official, government app, so people were very curious to learn exactly how it was going about doing what it does — and that part starts getting a tad problematic.
For starters, there’s a routine for injecting custom JavaScript into any webpages the app loads, all designed to bypass things like GDPR notices, cookie messages, and even login screens. That’s just sketchy on face value, and risks violating usage agreements on external sites.
There’s also an uncomfortable amount of code being loaded live from external, third-party repositories. The White House app assumes all this is secure, but any compromise to these projects would expose White House app users to risk — hardly the sort of good security practice we (should) expect from a government app.
And pretty much just because it can, the app is also ready to track you. There’s nothing necessarily nefarious about this, and users should be aware that they’re granting location permissions, but the app has the infrastructure in place to regularly gather user location, should it so choose.
Ultimately, the execution of the new White House app just comes across as embarrassing, between those questionable security practices and the lack of respect for third-party intellectual property. Should anyone be surprised?
Thank you for being part of our community. Read our Comment Policy before posting.