A new app from the US government has sparked concerns among users and researchers over potential location-tracking features, security vulnerabilities and data collection.
The White House launched the app on Friday as a way for users to get a “direct line to the White House,” including receiving breaking news alerts on major government announcements, watching livestreams and keeping up to date on “policy breakthroughs.”
However, users on X have raised concerns about the permissions required to use the app, including access to the device’s location, shared storage and network activity, though these claims have not been independently verified.
While many apps often request location permissions and can log user data, an app launched by the federal government requesting this information can invite additional concerns.
However, both listings on the Google Play Store and Apple’s App Store currently do not display these warnings.
A White House app privacy policy said it automatically stores information about the originating Internet Protocol (IP) address and other basic information, while it can retain names and email addresses of subscribers, though these are not required to use the app.
Cointelegraph has contacted the White House for comment.
Security engineer says GPS tracking is part of the app
On the app’s Google Play Store page, it states that personal data, including phone numbers and email addresses, may be collected through download and use. Apple’s App Store, meanwhile, directs users to the White House’s privacy policy.
A software developer using the X handle Thereallo, along with Adam, a security engineer and infrastructure architect, say they have identified code suggesting the app could access a device’s GPS for tracking.
While the feature is common across a number of apps, Adam said it is unusual for location-tracking services to be in software that does not appear to need them.
“There is no map, no local news, no geofencing, no events near you, no weather. Nothing in the app that requires location,” he added.
Concerns of GPS tracking every 4.5 minutes
Thereallo made a similar claim that the app includes code that could enable tracking a device every 4.5 minutes in the foreground and 9.5 minutes in the background, though this has not been independently verified.
They found that it still requires permission but warned that it is only “one call away from activating,” and that the tracking “infrastructure is there, ready to go.”
Related: Trump advisory council draws Coinbase co-founder, tech leaders
At the same time, Thereallo said the app is collecting other data such as notification interactions, in-app message clicks, phone number and state.
Security could be broken, Adam says
Adam said the app’s security may be weak enough for a technically skilled person to intercept its data or alter its functionality
“Anyone on the same Wi-Fi network, say, at a coffee shop, an airport, or a congressional hearing room, can intercept API traffic with a proxy. Anyone with a jailbroken device can hook and modify the app’s behavior at runtime,” he said.
“No servers were probed. No network traffic was intercepted. No DRM was bypassed. No tools were used that require jailbreaking. Everything described here is observable by anyone who downloads the app from the App Store and has a terminal.”
Magazine: Morgan Stanley Bitcoin ETF undercuts BlackRock, SBF pardon unlikely: Hodler’s Digest, Mar. 22 – 28
