THE article warns not to use the new White House app, launched on 28 March 2026 and billed as “Unparalleled access to the Trump Administration.” A security researcher who goes by Thereallo pulled the APK, used JADX, and decompiled the entire thing, according to Thereallo’s analysis. The audit identifies several concerning findings, including a GPS tracking pipeline that would locate users every 4.5 minutes, JavaScript injection into every website visited, and loading code from a random person’s GitHub Pages.
It also notes more third-party code execution and claims that user data goes everywhere except the Government. The piece emphasises that this is a technical audit of a government application that allegedly violates cybersecurity principles and ethical boundaries, and it calls out everyone responsible for the app’s publication and maintenance. Read the details of these findings at ringmast4r.substack[.]com, and consider the broader implications for privacy and data security in official mobile applications.