Is Trump's new White House app unsafe for your security and privacy?

Last month, the Trump administration announced a brand-new White House app available for iPhone and Android. The move shocked the internet, causing some to warn that installing the app would give the government a window into every phone’s most private data. After reviewing the privacy policy, those early fears were somewhat overblown, though not completely invalid. Here’s everything we found.

The new White House app replaced the previous version that was launched by former President Barack Obama in 2010. After 16 years, the app was long overdue for an overhaul. Updated to version 47 as a nod to our 47th president, the app now entails a brand-new design and features optimized for the MAGA age.

There are some inherent flaws within its code.

A quick tour of the White House (app)

The new White House app offers a unique window into the presidency of Donald Trump. It’s comprised of five main sections:

• Home: The home page displays announcements, goals/mission achievements, and other important messages from the Trump administration. These can include information on the MAHA movement, border security, cost-of-living improvements, and more.
• News: The news page showcases press releases and major updates directly from the administration as well as trusted media outlets.
• Live: The live feed displays long-form videos, shorts, and livestreams featuring President Trump and his various on-camera appearances, from diplomatic meetings, to important announcements, and a meme or two for good measure.
• Social: The social tab provides a live feed of various social media accounts connected to the president, including Rapid Response 47, the White House, and Donald J. Trump. There’s also a tab that lets you write to the White House, text President Trump himself, sign up for the White House newsletter, and you can even submit a tip to Immigration and Customs Enforcement if you suspect illegal immigration is taking place in your neighborhood or workplace.
• Gallery: The gallery displays photos of various events featuring President Trump and his administration, including important addresses, bill signings, Cabinet meetings, and more.

Zach Laidlaw/The White House app on iOS

Privacy concerns?

From the moment the new White House app went live, sleuths on social media were quick to warn others not to download it, claiming it to be government spyware that can gather users’ private data.

Based on its privacy labels on the App Store and Google Play, the White House app may collect your email address and phone number (both optional) for marketing purposes as well as app usage data for analytics. Notable components missing from the data collection notice include precise location data, microphone access, camera access, photos access, and browsing history.

In other words, the White House app doesn’t have permission to listen to your conversations, spy on you through the camera, or see your exact location.

RELATED: How the FBI can flout Apple's privacy tools

ugurhan/Getty Images

Going a step further, we took a look at the White House’s privacy page. Based on this information, the White House website (and by extension, the app) may collect the following that developers aren't required to disclose directly on the app page:

• The device’s originating IP address
• The internet domain name
• Information about your computer or mobile setup (e.g., type and version of web browser, operating system, screen resolution, and connection speed)
• The pages on WhiteHouse.gov that you visit
• The internet address, or URL, of the website that connected you to the site if you accessed WhiteHouse.gov via a link on another page (i.e., “referral traffic”)
• The amount of data transmitted from WhiteHouse.gov to your computer

At first glance, none of these seem out of the ordinary. Practically all websites you visit log this information about your device and usage habits.

So the White House app is safe to use, right? Not so fast ...

Secrets under the hood

A self-professed web designer and former reverse engineer that goes by “Thereallo” decompiled the Android version of the White House app to see exactly what its code entails. Thereallo makes several censorious claims about the app that earned the White House’s announcement a community note on X. The highlights include:

• Security risks driven by arbitrary JavaScript injection and an absence of certificate pinning that could leave the app open to hacks in the future.
• Dubious GPS tracking that logs the device’s location in the foreground (while the app is in use) every 4.5 minutes and in the background (while the app is not being used) every 9.5 minutes.
• User behavior tracking through various avenues, including cross-device aliases, notification interaction logs, in-app clicks, and more.

Note that these points were only confirmed in the Android version of the White House app. Due to the closed nature of Apple’s mobile platforms, decompiling iOS apps are far more complex.

So is the White House app really safe to use?

While the new White House app looks good on the surface, there are some inherent flaws within its code that could open users up to cyber security threats and data tracking. If you’d like to use the app, consider these options first:

• Enable a trusted VPN to mask your IP address from the app’s location-monitoring protocols.
• Revoke any permissions from that app that request location data or access to see nearby devices to ensure it can’t tap into your GPS data or connected Bluetooth devices.
• Install the app within a secure sandbox, either inside a Private Space on Android or within an iPhone that isn’t attached to your primary Apple account, to ensure any future cyber attacks on the app can’t attempt to access the rest of the data in your device.
• Don’t download the White House app. Simply visit whitehouse.gov for the latest information from the Trump administration.

If you’re still interested in checking out the White House app for yourself, you can download it from the Apple App Store for iPhone and the Google Play Store for Android.