A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit.

https://www.androidheadlines.com/2026/05/a-security-researcher-decompiled-the-white-house-app-what-they-found-is-pretty-alarming.htmlOpen link View original on lemmy.ml

128

Comments5

IAmYouButYouDontKnowYet

reddthat.com

None of that is surprising.

Battle_Masker reply

lemmy.blahaj.zone

Damn click bait economy making tech journalists have to jebait us for revenue

auntieclokwise

lemmy.world

And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site. So if that account ever gets compromised, arbitrary code could run inside the app’s WebView.

Somebody has the opportunity to do the most hilarious thing.

twoBrokenThumbs

lemmy.world

At least they acknowledge that cookie consent does nothing and paywalls are ridiculous.

northernlights

lemmy.today

I wouldn't have expected any less.