That app just became a national security threat. It gives out information to a non-government server. It can be exploited by foreign agents.
Just a reminder to the president, this would include his own secret service detail and their location.
this post was submitted on 24 May 2026
278 points (98.3% liked)
Technology
84918 readers
3444 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
Treason?
Thank you but I'm trying to quit.
This white house app?
https://thereallo.dev/blog/decompiling-the-white-house-app
The official White House Android app:
Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls.
Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal's servers.
Loads JavaScript from a random person's GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app's WebView.
Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.
Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.
Has no certificate pinning. Standard Android trust management.
Ships with dev artifacts in production. A localhost URL, a developer IP (10.4.4.109), the Expo dev client, and an exported Compose PreviewActivity.
Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation.
Ahahahahahaha
The vibecoded one with blaring security holes?
No, silly.
The NEW vibe-coded one with Russian backdoors.
HELLO EMPLOYEE, TODAY WE FIGHT THR WOKE LIBRULS. MAKE SURE YOU GET TO THE KID ROCK CONCERT AND MMA MATCH ON TIME. THANK YOU FOR YOUR ATTENTION TO THIS MATTER!!!
Eventually everyone is going to have to own two phones, one for "official" work and government stuff, and one for actual privacy.
This is strictly for government-issued devices. So everyone that is subject to this is already carrying two phones.
for now!
or do you prefer:
so far!
Whatever gets you through the day without getting blackout drunk
So like the phones of his secret service detail? I'm waiting for it to be announced that it'll be bundled into the Trump phone.
For what it's worth, I saw that it had been installed on my government issued phone this morning and was able to simply uninstall it.
Some people won't have admin control rights to do that. And by uninstalling it you are in violation of an executive order.
I also ignored the DOGE emails last year and I'm still around. I'm honestly not the least bit concerned.
You'd probably win a suit for the termination suit
Respectfully, I've been working in government for nearly 20 years. I know what my limits are and what I can get away with. I never signed any acknowledgement that I would keep the app on the phone. Worst case scenario and extremely unlikely to happen, they somehow notice it's missing from my phone and ask me about it. "Oh, my bad. Didn't know I wasn't supposed to remove it."
If they were competent, it could be an issue, maybe...
Sorry, it looks like voice to text messed up my reply. I have fixed it.
As I have one for work which is not my personal phone. And it is totally enterprise-managed so they put whatever apps they want on it and block anything they want. It’s their phone essentially. This headline seems like a nothingburger to me.
Of course! Employees shouldn’t be conducting business on their private phones anyway!
Or private stuff on company devices, for that matter
I've got my personal phone and a government-issued iPhone. The iPhone gets turned off as soon as I leave work in the evening and I turn it back on when I get to work. I only give out my work phone number, so I don't get bothered when I'm off the clock. It's pretty convenient tbh.
Maybe get a Faraday bag. That should have a Bluetooth beacon that operates even if powered off. 😁
https://www.amazon.com/Faraday-Protector-Waterproof-Fireproof-Electronics/dp/B0C61BMYYQ
I'm no Amazon fan, but these seem to work well.
As someone with a work phone, it’s easy for me to absolutely never use the thing. It stays in the office and I remote into my work machine and log into Google messages if I need to check for text. The rest is either accessible from other means or can wait until I’m in the office
This is a rage bait headline for the masses who don’t understand what it means to have a work-issued phone.
Not really. It's still a massive security threat, even if you leave it in the office.
Came here to say this.
Work phone for work use (they can load any and everything they want, not my phone)
Personal phone is mine and I control what is installed
Popup ads for Tr*mp tchotchkes.