Mastodawn

John Siracusa 2d ago

Do not download the White House App
I Decompiled the White House's New App
I Decompiled the White House's New App https://share.google/iXVXZqUKE9K8bagw3

I Decompiled the White House's New App

The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.

Thereallo

AI6YR Ben 2d ago

@ai6yr
I know you haven't downloaded it..... 😆

@amyedge unusual to have government malware be quite so official and public. Very disturbing.

Maria Langer | 📝🛥️💎2d ago

@amyedge I'm trying to understand why anyone WOULD download the White House app. Who wants any of the bullshit they're selling?

@mlanger
Not me, but someone might out of curiosity.

Maria Langer | 📝🛥️💎2d ago

@amyedge I guess, but I'd rather publish my passwords on the Internet. 🤷🏼‍♀️

@mlanger
Iv@Nk@4547

Maria Langer | 📝🛥️💎2d ago

@amyedge I don't know what that means.

@mlanger
It was my attempt at a joke. Not a good one. I was imagining that the 🍊 password is Ivanka4547. It was a response to you saying you would rather post your password on the internet.

Maria Langer | 📝🛥️💎2d ago

@amyedge OK, I get it. (But I seriously doubt he would use special characters in his password.) And it probably would've been a good joke if I wasn't so dense.🤪

@mlanger
I'm really introverted. I work something out in my mind and then only state the result without realizing that other people were not a part of my thought process

Emanuel Friedereich 2d ago

@amyedge @mlanger I thought it was hilarious 😆

The Peter Pan of Nerdery™2d ago

@amyedge @techlifeweb Missed opportunity to turn this post into a palindrome

Wouter@nukleos 2d ago

@amyedge
"Recap

The official White House Android app:

Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls."

Q. Is that legal??

@nukleos @amyedge
Not a lawyer but sounds like it could be considered to be bypassing access controls to me which I believe is a DMCA thing.

Furbland's Very Cool Mastodon™2d ago

@amyedge w/o tracking link: https://blog.thereallo.dev/blog/decompiling-the-white-house-app

I Decompiled the White House's New App

The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.

Thereallo

Krypt3ia 2d ago

@amyedge Never download applications from a hostile nation state.

@amyedge It had not crossed my mind to do so, but glad to know it's as sleazy as I expected it would be given the current squatter.

Khleedril 2d ago

@amyedge Unbelievable.

fan boy 🪭2d ago

@amyedge
That wasn't anyplace on my list. Even if I had known they had an app, it wouldn't have made it onto my list.

@amyedge looks like a long list of MIT licensed dependencies compiled in and distributed there. Are they complying with the attribution requirements of these OSS libraries?

@amyedge @timbray

I’m trying to replace all my apps with Safari Progressive Web App bookmarks of the apps’ corresponding webpages

MaksiSanctum he/him 2d ago

@amyedge This is not malware, it's spyware and by our government. WTF?

@MaksiSanctum @amyedge

They will mostly tracking MAGA idiots.

Random Participation 2d ago

@amyedge Nicely analyzed.

Bruce D Porter 2d ago

@amyedge explain to me again why Google wants to block the likes of F-droid apps being loaded?

artful modder 1d ago

@ytc1 so that malicious devs can be identified. for example, the ones that made the white house app.

WanWizard 🏴󠁧󠁢󠁳󠁣󠁴󠁿 🇳🇱1d ago

@amyedge These guys? https://devfortyfive.com/

Dev Forty Five | Government Contract Software Development

Dev Forty Five is a contract software development company focused on government contracts and realtime web applications.