220
A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming
(www.androidheadlines.com)
this post was submitted on 05 May 2026
220 points (97.4% liked)
Technology
84422 readers
4993 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It also pings your location every four minutes. But man, a random github is gold. These morons have the full power of the United States at their fingertips, and they use it to... load JS from a random github while tracking you.
The biggest weakness of fascism is always that it tends to attract a lot more idiots who want to steal money than true believers in the actual philosophy.
Can you imagine The United States Government getting hit with a JS supply chain attack due to sheer stupidity? What a time to be alive
It would be impossible to distinguish the malware from the apps intended function
Someone convincing enough could easily just tell them theres an attack. I have a feeling they wouldn't have any idea how to check.
Bc they used AI to write it. Why random stuff is included in the app for no reason
That would make sense. Ugh
Nerd nit (sorry): if you want to abbreviate “JavaScript” please use “JS” because Java is a different thing. Sorry!
PS thanks for posting the quote
Extra nerd nit: If you want to abbreviate the postscript announcement, please use "p.s" because PostScript is a different thing!
p.s. thanks for pointing out the difference between Java and JavaScript
Nerd alert!
(I kidd, thank you for the correction)
Its honestly incredible how dumb these people are.
Based on how open source currently is funded and it's a random github source. I wonder if, hypothetically, could iran send the owner a dm offering say $500k and get complete access to the phones of everyone running this app. I could see this being default installed on company phones if you work for the white house or federal government.
Don't make the github changes noticeable, keep the app working, but for example when it checks your location and sends that home imagine a slight change to also include complete browser history or list of installed apps.
One of trump's yes men receives a message "do what I ask or I'll publish that you have grindr installed, your account name, and all the people you swiped right on..." that could give them insane power over the US government.
Sure, why not. If people were as competent as the movies theyd have already owned the apps data.
Hey, it's cheaper than a single missile...
Not as convenient though. So the missiles must fire