The White House App Is Riddled with Cybersecurity Vulnerabilities
9 hours ago
- #Cybersecurity
- #Data Privacy
- #Government Apps
- The White House's new app shares users' IP addresses, time zones, and other data with third parties like Elfsight and OneSignal without proper disclosure.
- Cybersecurity experts criticize the app for poor security practices, including lack of code obfuscation and certificate pinning, making it vulnerable to attacks.
- The app's privacy manifest on Apple's App Store is left blank, falsely indicating no data collection, which experts say misleads users and violates platform policies.
- Some White House staffers' personal information is exposed through the app due to its integration with Elfsight, a Russia-founded software company.
- The app was developed by 45Press, a WordPress-focused company with no prior app development experience, raising concerns about its suitability for a high-profile government project.
- Despite security concerns, the White House defends the app as safe and standard, citing security reviews for third-party services, but experts argue it fails to meet higher standards expected for government apps.