A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

submitted 1 month ago by

Lemmynated@lemmy.zip

https://www.androidheadlines.com/2026/05/a-security-researcher-decompiled-the-white-house-app-what-they-found-is-pretty-alarming.html

41

Log in to comment

Hot Top New Old

givesomefucks@lemmy.world

The app also injects JavaScript and CSS into every page you visit in the in-app browser. This strips away cookie consent dialogs, GDPR banners, login walls, and paywalls. There’s also leftover dev artifacts in the production build, including a localhost URL to the Metro bundler.

Weirdly, that’s probably what will take it down, avoiding paywalls

They want to be able to serve up pre-selcted articles that push their narrative, but they’re gonna piss off all the places they link to, because the app is also injecting its own ads at that point.

reply

12

Optional@lemmy.world

How odd

reply

6

Comments in Privacy@lemmy.ml

IAmYouButYouDontKnowYet@reddthat.com

None of that is surprising.

reply

25

Battle_Masker@lemmy.blahaj.zone

Damn click bait economy making tech journalists have to jebait us for revenue

reply

8

auntieclokwise@lemmy.world

And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site. So if that account ever gets compromised, arbitrary code could run inside the app’s WebView.

Somebody has the opportunity to do the most hilarious thing.

reply

18

twoBrokenThumbs@lemmy.world

At least they acknowledge that cookie consent does nothing and paywalls are ridiculous.

reply

12

My shocked face 😶

reply

10

northernlights@lemmy.today

I wouldn’t have expected any less.

reply

10

Comments in Privacy@programming.dev

Lka1988@lemmy.dbzer0.com

To the surprise of absolutely nobody….

reply

7

Create post

Join

#ai #data centers #big tech #delivery robot #robot #youtube #microsoft #openai #amd #smartphone #Accenture #burger king #violence #social media #copyright #enshittification #hacking #downdetector #speedtest #acquisition #claude #doordash #wireguard #bluesky #veracrypt #windscribe #us legislation #ddos #usa legislature #phones
Explore Tag Cloud

Technology

News community around technology, social media platforms, information technology and governmental policy surrounding it.

What doesn’t fit here?

The core of the story has to be technology focused.

If article mentions “AI” in a sentence and then talks about business economics that doesn’t make it tech news.
Gaming is too many layers removed from technology. There are many dedicated communities that are a better fit for it.
Transporation is too many layers removed from technology. EVs while use many cool technologies have many dedicated communities that are a better fit for it.
Entertainment is too many layers removed from technology. While sometimes it can fit here, business or cultural aspects of it are a better fit for dedicated communities.
Cybersecurity. While it heavily focuses on technology, most of the time it’s too technical for most people who are not already invested in it. Should be posted in a dedicated communities unless it has broader connection to other tech areas.

Post guidelines

Title format

Post title should mirror the news source title. If you don’t like the title of article, look for an alternative source instead of editorializing it.

URL format

Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.

[Opinion] prefix

Opinion (op-ed) articles must use [Opinion] prefix before the title. Opinion articles refer to articles that their publisher doesn’t explictly endorse.

Country prefix

Country prefix can be added to the title with a separator (|, :, etc.) if the news is from a local publisher who doesn’t clearly mention the country.

Rules

1. English only

Title and associated content has to be in English.

2. Use original link

Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.

3. Respectful communication

All communication has to be respectful of differing opinions, viewpoints, and experiences.

4. Inclusivity

Everyone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

5. Ad hominem attacks

Any kind of personal attacks are expressly forbidden. If you can’t argue your position without attacking a person’s character, you already lost the argument.

6. Off-topic tangents

Stay on topic. Keep it relevant.

7. Instance rules may apply

If something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

Modlog

Moderators

BrikoX@lemmy.zip

7K Subscribers 3 Local Subscribers

715 Posts 4K Comments

1 Daily User 560 Weekly Users 2K Monthly Users 6K Users / 6 Months