Skip to main content

lemmy - Link to source

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming
A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit.

https://www.androidheadlines.com/2026/05/a-security-researcher-decompiled-the-white-house-app-what-they-found-is-pretty-alarming.html

#privacy
in reply to SocialistVibes01

twoBrokenThumbs
lemmy - Link to source
twoBrokenThumbs
At least they acknowledge that cookie consent does nothing and paywalls are ridiculous.
in reply to SocialistVibes01

auntieclokwise
lemmy - Link to source
auntieclokwise
And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site. So if that account ever gets compromised, arbitrary code could run inside the app’s WebView.


Somebody has the opportunity to do the most hilarious thing.