A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming


https://www.androidheadlines.com/2026/05/a-security-researcher-decompiled-the-white-house-app-what-they-found-is-pretty-alarming.html

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit.


37 Comments

None of that is surprising.

Damn click bait economy making tech journalists have to jebait us for revenue



And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site. So if that account ever gets compromised, arbitrary code could run inside the app’s WebView.

Somebody has the opportunity to do the most hilarious thing.


At least they acknowledge that cookie consent does nothing and paywalls are ridiculous.


My shocked face 😶


I wouldn’t have expected any less.


Comments from other communities

The app also injects JavaScript and CSS into every page you visit in the in-app browser. This strips away cookie consent dialogs, GDPR banners, login walls, and paywalls. There’s also leftover dev artifacts in the production build, including a localhost URL to the Metro bundler.

Weirdly, that’s probably what will take it down, avoiding paywalls

They want to be able to serve up pre-selected articles that push their narrative, but they’re gonna piss off all the places they link to, because the app is also injecting its own ads at that point.



To the surprise of absolutely nobody….