If you work for the Department of Homeland Security, an app is about to be auto-loaded onto your work phone, sort of like that U2 album that auto-loaded on everyone’s iPhone in 2014, except instead of delivering “Songs of Innocence,” the app claims to deliver “unfiltered, real-time updates straight from the source”—the source being Donald Trump.
I’m sure you downloaded the app from the App Store or Google Play back in March, when it was released, but if you didn’t and, again, you work for DHS, you received an email Tuesday that was seen by Politico, who reported this news. That email calls the app, “a convenient way to access official White House communications, including announcements, executive actions, speeches, livestreams, videos and other updates.”
In the press release about the app on the White House site, the first item on the list of features is “breaking news alerts on major announcements, executive actions, and other key priorities.” With that in mind, you might think that photo I picked for the header of this article—the one with a post that says “That Wednesday night Trump dance🕺🇺🇸”—was chosen to make fun of it, but that’s simply the image the White House provided as an illustration.
Apparently the other features are:
- Video streaming
- A “library” of what sound like archived Trump sound bites
- The ability to “stay connected” with new policies
- An option to send feedback, including by voice
Some of the app’s other attributes, according to Notus.org, include sharing the user’s data including time zone, IP address, and more, with third-parties. According to Notus, the White House app “doesn’t disclose its data sharing the way most others do.”
Last month, according to the publication Government Executive, the Trump Administration told federal agencies to start installing it on phones, and “at least one agency”—the FAA—was already slated to receive the app on its phones as an auto-download. A former IT executive for the government’s General Services Administration named Sonny Hashmi told Government Executive, auto-installs of the app are “cause for alarm,” and that “Any app that is installed on government issued devices can potentially create backdoor access to government networks behind the firewall.”
It’s worth noting that an earlier White House app was released in 2010 when Barack Obama was president. That app also doesn’t look like it was all that great, but in Obama’s defense, 2010 was squarely in the middle of the “there’s an app for that” bubble from the early days of smartphones.
The current White House app, however, arrives in a far more complex technological and political climate. Mobile device management for government agencies has become a highly sensitive issue, especially after numerous high-profile data breaches and the increasing sophistication of state-sponsored cyberattacks. The Department of Homeland Security itself is responsible for overseeing the cybersecurity of federal civilian networks, and its own employees are often subject to some of the strictest security protocols. Mandating an app that collects location data, time zone information, and IP addresses—and shares that data with third parties in a manner the app does not fully disclose—represents a striking departure from typical best practices for government-issued devices.
Critics have pointed out that the app’s data-sharing practices may expose not only the personal information of DHS employees but also operational details that could be exploited by adversaries. For instance, IP addresses and time zone data can be used to track employee movements, determine when they are at work or at home, and potentially infer which government facilities they are accessing. Third-party partners of the app, which have not been publicly named, could further redistribute data or use it for purposes beyond the stated goals of “staying connected.”
The timing of the rollout is also noteworthy. The Trump administration has been pushing for greater control over government communications and messaging, and the White House app is seen as part of a broader effort to bypass traditional media filters and speak directly to federal employees and the public. However, forcing the app onto devices raises questions about compliance with federal privacy laws, including the Privacy Act of 1974, which governs how agencies collect and use personal information. Legal experts have suggested that the auto-install could violate rules requiring agencies to minimize data collection and to provide clear notice to individuals about how their data will be used.
Beyond legal concerns, the practical security risks are significant. Government devices often contain sensitive documents, classified materials, and access tokens to internal networks. Any app installed on such a device has the potential to be compromised, either through vulnerabilities in the app itself or through the third-party software development kits (SDKs) it may include. Security researcher Will Strafach, who has analyzed many government and political apps, told reporters that apps like this often rely on analytics SDKs that can send data to servers outside the government’s control. “Even if the app is well-intentioned, the supply chain of third-party code represents a risk,” he said.
DHS has not yet issued a public statement about the auto-install, but internal emails obtained by Politico suggest that IT departments are being directed to deploy the app through mobile device management (MDM) systems, which are commonly used to push out security updates and essential productivity tools. However, MDM is typically reserved for applications that have been vetted for security compliance. The White House app, which was built by a private vendor, has not undergone the same level of scrutiny as standard government software.
The app’s rating on both the App Store and Google Play has been mixed, with many users complaining about battery drain, excessive permissions, and the lack of a clear privacy policy. One review on the App Store reads: “Why does a news app need access to my location and contacts? This is creepy.” Another says: “Installed for work. Now I’m worried about my personal data.” Despite these concerns, the White House has framed the app as a tool for transparency and direct engagement. In a statement accompanying the app’s original release, Press Secretary said, “President Trump believes Americans deserve direct access to information without the spin of the media.”
The auto-install plan has already drawn comparisons to other controversial software deployments. In 2014, Google faced backlash for automatically downloading and storing U2’s album on all iOS devices, a move that many called intrusive. Unlike that scenario, however, the current situation involves a government mandating software on its employees’ devices—employees who may not have a choice in the matter. Refusing to install the app could potentially be seen as insubordination, though it is unclear if any disciplinary actions have been explicitly tied to non-compliance.
Hashmi, the former GSA IT executive, also highlighted the precedent this sets for future administrations. “If this app is allowed to be auto-installed, what stops the next administration from doing the same with their own app?” he asked. “Over time, federal devices could become filled with political messaging tools that have nothing to do with the actual work of government.” Some have called for Congress to intervene or for the Government Accountability Office (GAO) to investigate whether the app violates procurement laws or security standards.
Meanwhile, the Federal Aviation Administration (FAA) has already begun the auto-install process for its employees. Pilots, air traffic controllers, and support staff who use government-issued phones are now seeing the White House app appear on their home screens. One FAA employee, speaking on condition of anonymity, said, “I didn’t ask for this. I don’t want to be tracked. I just want to do my job.” The employee added that their IT helpdesk had received a spike in calls about the app, with many workers asking how to remove it. Unfortunately, for now, removal instructions are not being provided, as the app is considered a mandatory installation under the current directive.
As the story continues to develop, security advocates are urging DHS employees to review their device settings and to report any unusual data usage or behavior from the app. Some are also recommending the use of separate personal devices for sensitive communications, though that is not always feasible for work-related tasks. The broader implications for government IT policy are significant: if the auto-install proceeds without incident, it may open the door for similar deployments from other agencies, effectively turning government smartphones into vessels for political messaging.
Source:Gizmodo News