By John Gruber
Thereallo, after spelunking inside the APK bundle for the Android version:
Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal’s servers.
Loads JavaScript from a random person’s GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app’s WebView.
[...]
Is any of this illegal? Probably not. Is it what you’d expect from an official government app? Probably not either.
Hanlon’s razor: “Never attribute to malice that which is adequately explained by stupidity.”
The app is, at least temporarily, popular. As I type this it’s #3 in the iOS App Store top free apps list, sandwiched between Claude and Gemini. I don’t know how similar the iOS app is to the Android one, but I took one for the team and installed it, and after poking around for a few minutes, it hasn’t even prompted me to ask for location access. It’s a crappy app, to be sure. A lot of flashing between screen transitions. When you open an article, there’s a “< Back” button top left, and an “X” button top right. Both buttons seem to do the same thing. There’s no share sheet for “news” articles, which seems particularly stupid. You can’t even copy a link to an article and share it manually.
But the iOS version has a clean privacy report card in the App Store, and I don’t see anything in the app that makes me doubt that. It seems like the Android version is quite different.
[Update: Someone on Reddit claims to have analyzed the iOS app bundle and discovered similar code as in the Android app, but I still don’t see any way to actually get the iOS app to even ask for location permission. I think there might be code in the app that never gets called. Like I wrote above, it’s clearly not a well-crafted app. If anyone knows how to get the iOS app to actually ask for location access, let me know how.]
★ Tuesday, 31 March 2026