55 minutesThat app just became a national security threat. It gives out information to a non-government server. It can be exploited by foreign agents.
Just a reminder to the president, this would include his own secret service detail and their location.
This white house app?
https://thereallo.dev/blog/decompiling-the-white-house-app
The official White House Android app:
Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls.
Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal’s servers.
Loads JavaScript from a random person’s GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app’s WebView.
Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.
Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.
Has no certificate pinning. Standard Android trust management.
Ships with dev artifacts in production. A localhost URL, a developer IP (10.4.4.109), the Expo dev client, and an exported Compose PreviewActivity.
Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation.
- baggachipz@sh.itjust.worksEnglish5 hours
HELLO EMPLOYEE, TODAY WE FIGHT THR WOKE LIBRULS. MAKE SURE YOU GET TO THE KID ROCK CONCERT AND MMA MATCH ON TIME. THANK YOU FOR YOUR ATTENTION TO THIS MATTER!!!
- LastYearsIrritant@sopuli.xyzEnglish5 hours
Eventually everyone is going to have to own two phones, one for “official” work and government stuff, and one for actual privacy.
This is strictly for government-issued devices. So everyone that is subject to this is already carrying two phones.
So like the phones of his secret service detail? I’m waiting for it to be announced that it’ll be bundled into the Trump phone.
For what it’s worth, I saw that it had been installed on my government issued phone this morning and was able to simply uninstall it.
- sunbeam60@feddit.ukEnglish5 hours
Of course! Employees shouldn’t be conducting business on their private phones anyway!
- ZapBeebz_@lemmy.worldEnglish3 hours
I’ve got my personal phone and a government-issued iPhone. The iPhone gets turned off as soon as I leave work in the evening and I turn it back on when I get to work. I only give out my work phone number, so I don’t get bothered when I’m off the clock. It’s pretty convenient tbh.
- lol_idk@piefed.socialEnglish3 hours
As someone with a work phone, it’s easy for me to absolutely never use the thing. It stays in the office and I remote into my work machine and log into Google messages if I need to check for text. The rest is either accessible from other means or can wait until I’m in the office
