A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming (www.androidheadlines.com)
from SocialistVibes01@lemmy.ml to privacy@lemmy.ml on 06 May 13:57
https://lemmy.ml/post/46942904

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit.

#privacy

IAmYouButYouDontKnowYet@reddthat.com on 06 May 14:59

None of that is surprising.

Battle_Masker@lemmy.blahaj.zone on 06 May 17:18

Damn click bait economy making tech journalists have to jebait us for revenue

Lor@mander.xyz on 06 May 16:27

My shocked face 😶

northernlights@lemmy.today on 06 May 22:39

I wouldn’t have expected any less.

twoBrokenThumbs@lemmy.world on 07 May 02:57

At least they acknowledge that cookie consent does nothing and paywalls are ridiculous.

auntieclokwise@lemmy.world on 07 May 04:19

And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site. So if that account ever gets compromised, arbitrary code could run inside the app’s WebView.

Somebody has the opportunity to do the most hilarious thing.