Seventy-seven percent of the official White House app’s network requests flow to third-party companies, not the government. That jarring statistic emerged after cybersecurity researcher “Thereallo” decompiled the Android version, revealing privacy violations that would make even Facebook blush.
The app, launched March 28th as the Trump Administration’s direct line to supporters, promised “unparalleled access” to White House updates. Instead, it delivered unparalleled surveillance. Your precise GPS coordinates get transmitted to OneSignal servers every 4.5 minutes when active—dropping to 9.5 minutes when running in the background.
Your Phone Becomes a Tracking Device
Location data collection happens alongside comprehensive device fingerprinting.
OneSignal integration creates a digital fingerprint containing your IP address, timezone, phone model, carrier information, and session patterns. This data package gets shared on every app launch, building a detailed profile of usage habits. You’d expect this behavior from a sketchy gaming app, not official government software that handles citizen feedback.
Amateur Hour Development Exposed
Ohio-based contractor 45Press skipped basic mobile security practices entirely.
The app lacks code obfuscation, certificate pinning, or proper security hardening—making reverse engineering trivially easy. Even more concerning, the iOS version shipped with a completely blank privacy manifest, falsely suggesting zero data collection. Government contractors charging $1.4 million should understand App Store privacy requirements better than your nephew’s first coding project.
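An added example, not the researcher's tooling or the app's code: a review check that cross-references an iOS privacy manifest against hosts seen in a traffic capture, to surface the mismatch a blank manifest creates. The manifest, the host list and the first-party suffix are constructed assumptions; the `NSPrivacy*` keys are Apple's standard manifest keys.

```python
import plistlib
from collections import Counter

# Constructed sample: a PrivacyInfo.xcprivacy with every declaration left empty.
BLANK_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyTrackingDomains</key><array/>
  <key>NSPrivacyCollectedDataTypes</key><array/>
</dict></plist>"""

# Constructed sample of hosts from a traffic capture; the .example names are placeholders.
OBSERVED_HOSTS = [
    "www.whitehouse.gov",
    "push.sdk-vendor.example",
    "push.sdk-vendor.example",
    "cdn.analytics.example",
]
FIRST_PARTY = ("whitehouse.gov",)  # assumption: what counts as first party


def under(host, suffixes):
    """True if host equals, or is a subdomain of, any suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit(manifest_bytes, hosts, first_party=FIRST_PARTY):
    """Compare manifest declarations with observed hosts (a review heuristic)."""
    manifest = plistlib.loads(manifest_bytes)
    third = Counter(h for h in hosts if not under(h, first_party))
    declared = tuple(manifest.get("NSPrivacyTrackingDomains", []))
    findings = []
    if third and not manifest.get("NSPrivacyCollectedDataTypes"):
        findings.append("no collected data types declared, yet third parties are contacted")
    undeclared = sorted(h for h in third if not under(h, declared))
    if undeclared:
        findings.append("third-party hosts missing from NSPrivacyTrackingDomains")
    return {
        "third_party_share": sum(third.values()) / len(hosts) if hosts else 0.0,
        "undeclared_hosts": undeclared,
        "findings": findings,
    }


if __name__ == "__main__":
    print(audit(BLANK_MANIFEST, OBSERVED_HOSTS))
```

Each finding is a prompt for manual review: a third-party host is not automatically a tracking domain, so the capture still has to be inspected for what is actually sent.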
JavaScript Trickery Bypassed User Protections
Hidden code manipulated web content to strip away privacy safeguards.
Initial versions included JavaScript designed to hide cookie consent banners and circumvent GDPR paywalls on loaded web content. You click a news link expecting standard privacy protections, but the app actively defeats those mechanisms. This feature disappeared quickly after researchers exposed it, suggesting the White House knew it had crossed a line.
The administration scrambled to patch obvious violations after the decompilation went public—downgrading location permissions and removing the consent-stripping code. But reactive fixes can’t restore trust in government mobile apps that should meet higher security standards than consumer entertainment software. Your data deserves better protection, especially from the institutions claiming to serve you.