The latest White House app has been marred by serious security and privacy concerns. Released for iOS and Android devices, the app was touted as a means to live-stream and provide real-time updates from the White House. However, experts have discovered that the app collects users' location data every 4.5 minutes, sending it to a third-party server. This data is typically used for location-based campaigns, but its collection by the US government through an app that encourages users to report people to ICE is particularly concerning.
The app's security issues don't stop there. It has been found to load YouTube video embeds via a random GitHub user's personal page, making it vulnerable to attacks if the user's account is compromised. An attacker could potentially serve arbitrary HTML and JavaScript to every user of the app, posing a significant threat to users' security.
Furthermore, the in-app web browser injects CSS and JavaScript that removes users' ability to download content from the app, effectively limiting their control over their own data.
The White House app's security and privacy issues are a stark reminder of the importance of responsible app development. Nigerian tech startups, such as Paystack and Flutterwave, which have built their businesses on trust and user data security, would do well to take note of these concerns. The global tech community should also be on high alert, as these issues can have far-reaching consequences for users worldwide.
