Application security, Data Security, Government security

Analysis reveals concerning features in official White House app


According to Tech Radar, an analysis of the official White House app for Android has uncovered several concerning features that raise privacy and security questions.

A security researcher known as Thereallo has found that the app can inject code into third-party websites, effectively hiding cookie consent banners, GDPR notices, and paywalls. This capability prevents users from exercising their privacy rights and bypasses content restrictions. The app can also track precise GPS location data every 4.5 minutes when active and every 9.5 minutes in the background, with the potential to be activated by a command. User data, including location and interaction history, is sent to non-governmental infrastructure via the OneSignal SDK.

Furthermore, the app pulls code from unsecured sources, including a random GitHub account for embedding videos, which could be exploited to serve malicious content, Thereallo said. The app also lacks certificate pinning and adequate security for third-party code, raising concerns about its overall security posture and the potential for invasive user profiling.

Source: Tech Radar
