this post was submitted on 28 Mar 2026
525 points (98.3% liked)

Technology

83195 readers
3290 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
525
I Decompiled the White House's New App— The app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages. (blog.thereallo.dev)
submitted 1 day ago* (last edited 16 hours ago) by Beep@lemmus.org to c/technology@lemmy.world
61 comments fedilink hide all child comments
 

Social Media

What Is This App?

It's a React Native app built with Expo (SDK 54), running on the Hermes JavaScript engine. The backend is WordPress with a custom REST API. The app was built by an entity called "forty-five-press" according to the Expo config.

you are viewing a single comment's thread
view the rest of the comments
[–] Fmstrat@lemmy.world 7 points 13 hours ago (1 children)

The app uses standard Android TrustManager for SSL with no custom certificate pinning. If you're on a network with a compromised CA (corporate proxies, public wifi with MITM, etc.), traffic between the app and its backends can be intercepted and read.

That doesn't seem right. You would still need the compromised CA cert to be installed on your device. This isn't going to be a problem when connecting to a public Wifi.

The rest of the article is bonkers, though. Classic corporate data-grab app, and then some.

[–] prenatal_confusion@feddit.org 3 points 13 hours ago

Ten years ago when businesses really needed to offer wifi (train for example) they thought "hey we would like to have something in return!". I got offered a new ca a couple of times in the captive portal.

Yeah, not best practice but not unheard of.