A new app from the US government has drawn scrutiny from users and researchers over potential location-tracking capabilities, security weaknesses and data collection practices.
The White House launched the app on Friday as a way for users to get a “direct line to the White House,” offering breaking news alerts on major announcements, livestreams and updates on “policy breakthroughs.” Users on X have raised concerns about permissions the app requests, including access to device location, shared storage and network activity, though those specific claims have not been independently verified.
While many consumer apps request location access and log user data, similar permissions in software published by the federal government can provoke heightened concern. Listings on the Google Play Store and Apple’s App Store do not currently show the warning labels some users have cited. The White House privacy policy for the app states that it automatically records basic information such as originating IP addresses and may retain names and email addresses of subscribers, though providing those is not required to use the app. Cointelegraph has contacted the White House for comment.
Researchers say code suggests GPS access
On the app’s Google Play page, Google indicates that personal data, including phone numbers and email addresses, may be collected; Apple’s App Store links to the White House privacy policy. A developer using the X handle Thereallo and a security engineer and infrastructure architect identified code they say could allow the app to access a device’s GPS.
Adam, the security engineer, told reporters that including location-tracking functionality is unusual for software that does not appear to need it. “There is no map, no local news, no geofencing, no events near you, no weather. Nothing in the app that requires location,” he said.
Thereallo reported similar findings, claiming the app contains code that could enable location checks as frequently as every 4.5 minutes while the app is in the foreground and about every 9.5 minutes in the background; those timing claims have not been independently confirmed. They also said the app gathers other behavioral data such as notification interactions, in-app message clicks and phone numbers. Although the app still requires permission to access location, researchers warned the tracking capabilities are “one call away from activating” and that the underlying infrastructure appears present.
Security concerns beyond tracking
Adam also raised concerns about the app’s overall security, suggesting its network traffic and behavior could be intercepted or altered by technically skilled actors. He warned that anyone on the same Wi‑Fi network could intercept API traffic with a proxy and that users with jailbroken devices could modify the app’s runtime behavior. Adam emphasized that his observations were made without probing servers, intercepting network traffic, bypassing DRM or using tools that require jailbreaking—only by inspecting what is visible to anyone who downloads the app and has a terminal.
Cointelegraph notes that independent verification of the decompiled code claims is limited and encourages readers to review the White House privacy materials and app store listings. The article reflects Cointelegraph’s reporting practices and editorial policy; readers are encouraged to verify details independently.
