A newly launched app by the U.S. government has raised concerns among users and researchers regarding potential location-tracking features, security vulnerabilities, and data collection practices. According to Cointelegraph, the White House introduced the app on Friday, aiming to provide users with a direct connection to the White House, including breaking news alerts, livestreams, and updates on policy developments.
Users on X have expressed apprehension about the permissions required to use the app, such as access to the device's location, shared storage, and network activity. These claims, however, have not been independently verified. While many apps typically request location permissions and can log user data, an app launched by the federal government requesting such information can raise additional concerns. Notably, the app's listings on both the Google Play Store and Apple's App Store do not currently display warnings about these permissions.
The White House app's privacy policy indicates that it automatically stores information about the originating Internet Protocol (IP) address and other basic data. It can also retain the names and email addresses of subscribers, though these are not mandatory for app usage. Cointelegraph has reached out to the White House for comment.
Security engineer Adam, along with a software developer using the X handle Thereallo, has identified code suggesting the app could access a device's GPS for tracking. Adam noted that while location-tracking services are common in many apps, they are unusual in software that does not appear to need them. "There is no map, no local news, no geofencing, no events near you, no weather. Nothing in the app that requires location," he stated.
Thereallo claimed the app includes code that could enable tracking a device every 4.5 minutes in the foreground and every 9.5 minutes in the background, though this has not been independently verified. They warned that the tracking infrastructure is ready to be activated and that the app is collecting other data, such as notification interactions, in-app message clicks, and phone numbers.
Adam further commented on the app's security, suggesting it may be vulnerable enough for a technically skilled individual to intercept its data or alter its functionality. "Anyone on the same Wi-Fi network, say, at a coffee shop, an airport, or a congressional hearing room, can intercept API traffic with a proxy. Anyone with a jailbroken device can hook and modify the app's behavior at runtime," he explained. Adam emphasized that no servers were probed, no network traffic was intercepted, and no DRM was bypassed, noting that everything described is observable by anyone who downloads the app from the App Store and has a terminal.