All government employees working for the executive branch must install the app on their work phones
After the press release was disseminated in March, we haven’t heard a single thing about the app. That is, until now. The Trump Administration is forcing all federal agencies that are part of the executive branch to install the app on government-issued phones regardless of whether the phone user wants it or not.
If you’re not paying attention, you might send the President a message that you do not mean
This will open the messaging UI from your messaging app, and all you need to do is type your message and send it. However, you should be aware that there is a pre-typed comment in the text box that you might want to delete before adding your message to the president depending on how you feel about him. That message says, “Greatest President Ever!” although you can delete the message and type what it is that you really want to say to President Trump, or leave the comment if that is how you feel.
The White House app has a pre-loaded message you can text to the President. | Image by PhoneArena
Earlier versions of the app required permission to access the location of users’ devices, and permission to interact with the fingerprint and biometric hardware of these devices. It also demanded permission to have the app start running its background services as soon as users’ phones finished booting up, even without pressing the app’s icon.
PhoneArena readers previously noted the crazy permissions the app demanded
To run on an Android device, the White House app also needed permission to draw or overlay floating windows over the screen of users’ devices. It also wouldn’t run without these permissions:
- Read/Write Storage Access: Full access to read and write data to the local storage and shared directories of users’ devices.
- Wi-Fi Network Scanning: The permission to monitor network state changes and scan nearby Wi-Fi access points.
- Notification Badge Modification: Allowing the app to read and make changes to home screen notification badges.
Cybersecurity researchers are worried about the third parties that the app sends personal data to
Things get worse from here. Cybersecurity researchers say that there are vulnerabilities in the app that send users’ time zones, IP addresses, and other personal data to third parties such as OneSignal and Elfsight. Data received by OneSignal alone includes:
- Mobile carrier information
- Phone models
- Network types
- Operating system versions
- Session lengths
- Visit frequency
Former government IT executive Sonny Hashmi warned users, “Any app that is installed on government-issued devices can potentially create backdoor access to government networks behind the firewall.” Hashmi says that forcing government users to install this app on the government-provided phones belonging to federal workers is a “cause for alarm.”
Another complaint came from David Nesting, the former deputy Chief Information Officer (CIO) at OPM (Office of Personnel Management), basically the government’s Human Resources office. Nesting said that forcing government workers to download the app on their work phones forces federal employees to receive “the same propaganda they push out to the public.”
White House spokesperson Olivia Wales says that the app does not save any data. She adds that the app uses “standard” third-party services. Security researchers disagree.
