Brady Snyder / Android Authority
TL;DR
- The White House launched a new app for Android and iOS last week.
- At first glance, the app didn’t appear to offer much utility, only aggregating some already available news sources.
- Now a teardown confirms just how sloppily the app was put together.
Last week, the current US administration decided to distract everyone a little bit from the illegal war it’s waging by dangling a shiny, new app for us to try: the official White House app. We took a quick look at the “features” it offered at the time, and found it to be little more than a low-effort wrapper for aggregating content already available elsewhere. Over the weekend, developers had time to start peeling back the layers and seeing what makes the app tick, and their findings are only cause for further concern.
Don’t want to miss the best from Android Authority?
One of the best teardowns we’ve found was prepared by Thereallo, who shares a high-level analysis of what’s packed within this new release. The good news, as much as you can call it that, is that the app largely appears to be what it purports to be: At its heart, this is a WordPress-powered content portal.
Of course, this is also an official, government app, so people were very curious to learn exactly how it was going about doing what it does — and that part starts getting a tad problematic.
For starters, there’s a routine for injecting custom JavaScript into any webpages the app loads, all designed to bypass things like GDPR notices, cookie messages, and even login screens. That’s just sketchy on face value, and risks violating usage agreements on external sites.
There’s also an uncomfortable amount of code being loaded live from external, third-party repositories. The White House app assumes all this is secure, but any compromise to these projects would expose White House app users to risk — hardly the sort of good security practice we (should) expect from a government app.
And pretty much just because it can, the app is also ready to track you. There’s nothing necessarily nefarious about this, and users should be aware that they’re granting location permissions, but the app has the infrastructure in place to regularly gather user location, should it so choose.
Ultimately, the execution of the new White House app just comes across as embarrassing, between those questionable security practices and the lack of respect for third-party intellectual property. Should anyone be surprised?
Thank you for being part of our community. Read our Comment Policy before posting.
By
