A newly released White House mobile app has drawn criticism from users and security researchers who say it may request broad permissions and include code that could enable location tracking and other data collection.
The app, launched as a direct channel for news, livestreams and policy updates, requests permissions that some users flagged on social media, including access to device location, shared storage and network activity. Those specific permission claims have not been independently verified, and current listings on Google Play and Apple’s App Store do not show the warning labels some users reported. The app’s privacy policy says it automatically records basic information such as originating IP addresses and may retain the names and email addresses of subscribers, although providing those details is optional. The White House was contacted for comment.
Researchers who examined the app’s visible code report signs that it could access a device’s GPS. A security engineer who inspected the app noted that location access would be unusual given the app’s functionality: it contains no maps, local event features, geofencing or weather data that would typically require precise location. A developer posting under the handle Thereallo and others said they found code that might permit frequent location checks. Claims about polling intervals (for example, every 4.5 minutes in the foreground and every 9.5 minutes in the background) have not been independently confirmed.
Beyond potential GPS access, researchers say the app appears to collect behavioral data such as notification interactions, in-app message clicks and phone numbers. While the app still prompts for location permission before using GPS, researchers warned that the capability could be enabled by server-side calls and that the infrastructure to do so appears to be present in the code they inspected.
Security concerns extend past tracking. One researcher warned that network traffic could be intercepted by a technically skilled actor on the same Wi‑Fi network using common proxy tools, and that on compromised (for example, jailbroken) devices the app’s runtime behavior could be altered. The researcher emphasized these observations were made by inspecting what is publicly visible when downloading and decompiling the app, without probing servers, intercepting live traffic, bypassing DRM or using jailbreaking tools.
Independent verification of the decompiled-code findings is limited. The reporting outlet encourages users to read the White House privacy policy and app store listings and to verify details for themselves.