Brady Snyder / Android Authority
TL; DR
- The White House released a new app for Android and iOS last week.
- At first glance, the app didn’t seem to be very useful, it just aggregates some existing news sources.
- Now the teardown confirms how sloppily the app is put together.
Last week, the current US administration decided to distract everyone from their illegal war for a bit by releasing a shiny new app for us to try: the official White house program. We took a quick look at the “features” it offered at the time and found it to be little more than a low-effort package to bundle content already available elsewhere. Over the weekend, developers took the time to peel back the layers and see what makes the app work, and their findings only caused further concern.
Don’t want to miss out on the best Android Authority?
Made by one of the best knockoffs we’ve found Hellowhich shares a high-level analysis of what’s in this new release. The good news is that, whatever you can call it, the app basically looks like what it is: At its core, it’s a WordPress-powered content portal.
Of course, this is also an official, government program, so people were very interested to find out exactly how he was going to do what he did – and that part starts to get a little problematic.
For starters, there’s a rule to inject custom JavaScript into any web pages the app loads, all designed to bypass things like GDPR notices, cookie messages, and even login screens. This is just at face value and risks violating usage agreements on external sites.
There is also a disturbing amount of code that is loaded live from external, third-party repositories. The White House software assumes it’s all secure, but any compromise to these projects could put White House app users at risk — the kind of good security practice we should expect from government software.
And since it’s almost possible, the app is also ready to track you. There’s nothing necessarily wrong with this, and users should be aware of what they’re giving location permissions to, but the app has the infrastructure to routinely collect the user’s location if they so choose.
Finally, the White House’s implementation of the new app looks embarrassing amid questionable security practices and disrespect for third-party intellectual property. Should anyone be surprised?
Thank you for being a part of our community. Read our Comment Policy before deployment.
