But Chinese phones and EVs are dangerous to national security.
Two things definitely cannot be bad at the same time
Here's the summary of the app from a few months ago: https://thereallo.dev/blog/decompiling-the-white-house-app
- Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls.
- Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal's servers.
- Loads JavaScript from a random person's GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app's WebView.
- Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.
- Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.
- Has no certificate pinning. Standard Android trust management.
- Ships with dev artifacts in production. A localhost URL, a developer IP (10.4.4.109), the Expo dev client, and an exported Compose PreviewActivity.
- Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation.
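The kind of check that surfaces the findings listed above, as an added example that is not part of the original comment or the linked write-up: it pulls URLs out of strings extracted from an app bundle and sorts them into dev artifacts, third-party origins and first-party origins. The hosts and the IP are the ones named in the summary; the paths, ports, the `.gov` first-party rule and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: strings as they might appear in an extracted app bundle.
# Hosts/IP come from the summary above; paths and ports are assumptions.
SAMPLE_STRINGS = [
    'src="https://lonelycpp.github.io/embed/player.js"',
    "https://elfsightcdn.com/platform.js",
    "http://localhost:8081/index.bundle",
    "http://10.4.4.109:8081/status",
    "https://www.whitehouse.gov/news/",
]

# Assumption: only these suffixes count as first-party infrastructure.
FIRST_PARTY_SUFFIXES = (".gov",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def classify(url):
    """Return dev-artifact, third-party, cleartext or first-party."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_loopback or ip.is_private:
            return "dev-artifact"  # RFC 1918 / loopback left in a release build
    except ValueError:
        pass  # not an IP literal, fall through to hostname checks
    if host == "localhost" or host.endswith(".local"):
        return "dev-artifact"
    if not host.endswith(FIRST_PARTY_SUFFIXES):
        return "third-party"  # code or data served by someone else
    if parts.scheme != "https":
        return "cleartext"
    return "first-party"


def audit(strings):
    """Group every URL found in `strings` by its classification."""
    findings = {}
    for s in strings:
        for url in URL_RE.findall(s):
            findings.setdefault(classify(url), []).append(url)
    return findings
```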
The app also raised initial concerns about its potential GPS tracking capability, but the White House has since removed that functionality.
At least that’s been removed. If only that were the only issue…
That app has more holes than Swiss cheese.
NGL, if I was working for the government, that phone would NEVER get used and I'd leave it in a drawer at my desk. Turned off.
I doubt they'd keep you long. Government jobs have been no fun for quite a while.
makes sense now
I guarantee it'll be badly coded and introduce vulnerabilities, which for government phones could be national security threats
100% chance it will also spy on the phones and send that data to an insecure MAGA server piped straight through to ICE for filtering out anyone not loyal to the Reich, I mean Trump.
Honestly, good. I am pretty anti-national security at the moment.
Good news! So are the Russians and Chinese and Israelis and...
At what point do these all cancel each other out?
The same time we all die in a nuclear winter.
I'm pretty sure we've known that for a fact since April.
They were never going to just pack up and leave. If the Plan A direct coup doesn't work, they'll still have the Plan B of infested IT infrastructure.
There's no way this wasn't vibe coded with unsecured code from sketchy githubs and tons of foreign intelligence backdoors built in.
Yes
If there are any people in my (government) workplace who still support Trump, they keep it to themselves. Everyone I know hates the entire admin. This app will probably only make it worse.
Lmao.
Org-managed iOS/Android is not “install whatever some agency stapled to a PDF.” The app gets denied by identity, not a fucking sysadmin clicking through a GUI on orders from above.
iOS bundle ID + Apple Team ID + signing identity; Android package name + signing cert digest + Managed Play state. If it shows up anyway, the device will be dropped out of compliance and Conditional Access cuts it off from mail, Teams, VPN, SSO, managed browser, org data. I essentially turn the phone into a kid's toy until I get my eyes on the situation.
This ain't a checkbox in the MDM console. The console is downstream. The source of truth is a repo. A service principal polls the live MDM tenant over API, diffs app approvals, assignments, compliance rules, and app-protection policies against the signed config, then PATCHes the deny back if some genius removes it. The audit log fires, SIEM ingests it, the pipeline reverts it, and the diff names the admin. You are not sneaking spyware into my mobile fleet. 😊
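A sketch of the reconcile loop described in the comment above, as an added example that is not the commenter's code and models no MDM vendor's API: it checks the repo config's signature, diffs it against a tenant snapshot, and emits the PATCH actions with the admin named from the audit log. The HMAC stands in for whatever signing the real pipeline uses; the key, rule identifiers, timestamps and admin names are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed stand-in: a real pipeline would verify a commit or artifact
# signature; an HMAC over canonical JSON is used here only for illustration.
SIGNING_KEY = b"example-key-not-a-real-secret"

DESIRED = {  # deny rules as stored in the repo (identifiers are placeholders)
    "android:com.example.blocked": {"state": "blocked", "cert_sha256": "PLACEHOLDER_DIGEST"},
    "ios:com.example.blocked": {"state": "blocked", "team_id": "PLACEHOLDER_TEAM"},
}


def sign(config):
    body = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def reconcile(desired, signature, live, audit_log):
    """Return the PATCH actions needed to bring `live` back to `desired`."""
    if not hmac.compare_digest(sign(desired), signature):
        raise ValueError("desired config failed signature check; refusing to enforce")
    # The latest audit entry per rule identifies who last touched it.
    last_actor = {}
    for entry in sorted(audit_log, key=lambda e: e["ts"]):
        last_actor[entry["target"]] = entry["actor"]
    actions = []
    for key, want in sorted(desired.items()):
        have = live.get(key)  # None means the rule was deleted in the tenant
        if have != want:
            actions.append({
                "op": "PATCH", "target": key, "set": want,
                "was": have, "changed_by": last_actor.get(key, "unknown"),
            })
    return actions


# Constructed tenant snapshot: the Android deny was removed, the iOS one weakened.
LIVE = {"ios:com.example.blocked": {"state": "allowed", "team_id": "PLACEHOLDER_TEAM"}}
AUDIT = [
    {"ts": "2025-01-01T10:00:00Z", "target": "ios:com.example.blocked", "actor": "admin-a"},
    {"ts": "2025-01-01T10:05:00Z", "target": "android:com.example.blocked", "actor": "admin-b"},
]
```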
This is literally what I would tell an attacker to their face. I would not publicly even hint at the lengths I go or would go to keep our infrastructure frustratingly safe from shit exactly like this
ruzzia playbook
[keep] you connected to President Donald J. Trump and his administration like never before,
Probably for similar reasons of having images of Big Brother's, oops, I mean, Donvict's, ugly mug staring at people from the DOJ building...
Maintain the cult-like air of omniscience around old doddering dozing donnie...the guy barely knows where the fuck he is or what he's even babbling about, but his handlers need to give everyone the impression he's really on top of everything...
Big Brother is Watching You
1984 is dead. Long live 1984
Probably full govt spyware.
it's their government phones. if it's not already full of spyware, I'd be disappointed.
If it's not your phone\computer (ex work\government devices) and if you are super paranoid even if it is your phone\computer, always assume someone is always watching and can see\recreate what you are doing.
This doesn't change anything, not practically.
ALWAYS assume everything you do on a device provided by your employer is being monitored
It absolutely does, in a number of ways. First, this thing could be straight up spying malware or could be updated to be such in the future.
It’s a ‘company phone’ you don’t control it; so you can’t trust anything on it.
Always use work-provided devices only for work-related stuff. There is every reason to believe they can and do monitor everything that happens on them.
This is true of government devices and private company devices.
It's the "work related" stuff that I'm concerned about leaking.
Oh, that? Yeah, well …. Yeah. The entire administration is incompetent narcissists addicted to substances, with the most corrupt President ever at the head, so yeah. And don’t forget the pillaging that doge did. Idk, it’s a total mess, and all sorts of secrets and personal information is floating around now. :(
From a personal perspective, it changes nothing if you already use a work device with the knowledge your use is being monitored.
From a general data security point of view it's terrible for the reasons you describe, but that's a government problem, not a personal one.
You're not exactly inspiring hope.
Why would you expect privacy on a work system?
It injects content into websites, I'd say that changes a LOT actually.
And what's stopping Trump just convincing MAGATS to install it willingly?
If they want to inject data into websites (whatever that means) then there are easier ways when you have an army of morons hanging off your every word.