{
  "$type": "site.standard.document",
  "description": "It's exactly what you'd expect.",
  "path": "/2026-03-30-security-analysis-of-the-white-house-app/",
  "publishedAt": "2026-03-30T13:56:00.107Z",
  "site": "at://did:plc:ex23caczr45rodrfcxrwps6h/site.standard.publication/self",
  "tags": [
    "trump-administration",
    "security",
    "apple"
  ],
  "textContent": "This is an interesting, if occasionally alarmist, security analysis from atomic.computer of the White House's new flagship application.\n\nThe major findings:\n\nFinding 1: A Russian-Origin Company Executes Live JavaScript Inside the App (Six Times)\nFinding 2: GPS Tracking With No Feature Justification\nFinding 3: The Privacy Manifest Is Provably False\nFinding 4: OneSignal Can Remotely Toggle Location Tracking and Privacy Consent\nFinding 5: The App Strips Privacy Consent Banners\nFinding 6: Minimal Security Hardening\nFinding 7: Dormant Over-the-Air Code Push\nFinding 8: Full Behavioral Intelligence Pipeline\n\nFinding 1 is an absolute embarrassment. Shoddy workmanship of the highest order.\n\nFinding 2 has an important caveat:\n\nWhether this code path is actively enabled at runtime would require network traffic analysis, but the capability is compiled into the app and the always-on location permission is requested.\n\nYou shouldn't be surprised to know that I'm not going to install the app to find out if a location permission prompt is actually presented. So I'll generously give the benefit of the doubt.\n\nFinding 3 is either a manifest lie or an egregious oversight from the developers. Regardless, how it got through App Review is what puzzles me. There are SDKs in the White House app that Apple requires to ship with a privacy manifest. It's astounding to me that Singapore Buses has a more robust Privacy Manifest simply by declaring its use of UserDefaults.\n\nFinding 4 is technically misleading:\n\nThese are standard OneSignal SDK features, but the implication is significant: OneSignal’s servers can remotely enable or disable GPS tracking and change whether privacy consent is required, all without an app update, without Apple review, without the user knowing. It’s a light switch for location tracking, and it’s not in the White House’s hands.\n\nOneSignal, published yesterday:\n\nFor location to be active in any app using our platform, two separate things must happen, both of which are outside of OneSignal’s control:\n\nThe developer must explicitly enable it. [...]\n\nThe user must grant permission at the operating system level. [...]\n\nFinding 5 is unforgivable. (Ironically, it probably makes websites easier to use, as I'm quite sick of the cookie consent banners.)\n\nI've recently spent a lot of time working on many of the security control issues listed in Finding 6 for Gobbler. Again, it's not surprising that the White House app ships with such a lax security posture.\n\nFinding 7 isn't much of a finding. Something exists but isn't turned on.\n\nFinding 8 isn't much of a finding, either. This is just what OneSignal does.\n\nMy problem with this app is one of trust. And, to be clear, that problem of trust lies with Apple. They have a web of guidelines that should have prevented this app from ever being released. They've pitched their brand on user privacy and routinely bust smaller developers for not having just the right entry in their Privacy Manifest.\n\nAnd yet, here we are, with a White House app that doesn't declare anything with regard to its data capture practices.\n\nTo whom, and when, do the App Review Guidelines apply?",
  "title": "'Security Analysis of the Official White House iOS App'"
}