🔗 Decompiled the White House’s New App
Thereallo, after spelunking inside the APK bundle for the Android version:
- Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal’s servers.
- Loads JavaScript from a random person’s GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app’s WebView. […]
Is any of this illegal? Probably not. Is it what you’d expect from an official government app? Probably not either.
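
One way to audit an unpacked app bundle for the kind of remote-script dependency named in the second finding. This is an added example, not code from Thereallo's post or from the app. The `example.gov` hosts, the file names, the URL path on `lonelycpp.github.io` and the first-party allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample standing in for text files extracted from an app bundle.
# The path on lonelycpp.github.io is a placeholder; only the host is from the post.
SAMPLE_FILES = {
    "assets/player.html": (
        '<script src="https://lonelycpp.github.io/PLACEHOLDER/embed.js"></script>\n'
        '<script src="https://cdn.example.gov/app.js" integrity="sha384-PLACEHOLDER"></script>\n'
        '<script src="local/ui.js"></script>\n'
    ),
    "assets/index.bundle.js": 'const u = "https://static.example.gov/widgets/map.js";',
}
FIRST_PARTY = {"example.gov"}  # assumed: domains the app's publisher controls

SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.I)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)
INTEGRITY = re.compile(r"\bintegrity\s*=", re.I)
JS_URL = re.compile(r"""https?://[^\s"'<>)]+?\.js\b""", re.I)


def _is_first_party(host, first_party):
    return any(host == d or host.endswith("." + d) for d in first_party)


def audit_remote_scripts(files, first_party):
    """Return one finding per remote script URL; bundled (relative) scripts are skipped."""
    findings = []
    for path, text in sorted(files.items()):
        # Script tags first, so an integrity attribute can be credited to its URL.
        urls = {}
        for tag in SCRIPT_TAG.findall(text):
            src = SRC_ATTR.search(tag)
            if src:
                urls[src.group(1)] = bool(INTEGRITY.search(tag))
        # Then bare .js URLs in strings (e.g. inside a JavaScript bundle).
        for url in JS_URL.findall(text):
            urls.setdefault(url, False)
        for url, pinned in urls.items():
            host = urlparse(url).hostname
            if host is None:
                continue  # relative path: shipped inside the bundle
            findings.append({"file": path, "url": url, "host": host, "pinned": pinned,
                             "third_party": not _is_first_party(host, first_party)})
    return findings


def third_party_scripts(files, first_party):
    return [f for f in audit_remote_scripts(files, first_party) if f["third_party"]]
```

Each finding with `third_party` true and `pinned` false is a script whose contents are decided by whoever controls that host at load time.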