We intercepted the White House app's traffic. 77% of requests go to 3rd parties

Official app pings YouTube, trackers & more — some say 'normal', others scream 'not for a gov app'

TLDR: The White House’s app reportedly sends most of its traffic to outside companies and shares basic analytics data. Commenters are split between “that’s how apps work” and “not acceptable for a government app,” with extra heat over claims the App Store page doesn’t accurately disclose data collection.

The internet just caught the White House’s official app chatting up a crowd of outside services — and the comments are on fire. Researchers used a tool to watch where the app “talks” when you open it, and say 77% of the traffic goes to third parties like YouTube, Google, Facebook, Twitter, widget provider Elfsight, and push-alert/analytics firm OneSignal. OneSignal reportedly gets basics like language, country, timezone, an ID and an IP address. Even Google DoubleClick (an ad tracker) shows up once.

Cue the split-screen reaction. One camp shrugs: this is how most consumer apps work, says one user, pointing out they see similar patterns on their phones. But the other camp is livid, arguing “normal for apps” shouldn’t be normal for a government app — especially with over 50,000 downloads. The sharpest sting? Multiple commenters blast the White House app’s App Store page for allegedly mislabeling what data it collects. Others pile on with receipts: SDK lists via AppGoblin and prior threads.

It’s not just privacy panic; the thread veers into politics fast, with a detour into lobbying and influence. Meanwhile, jokesters rename it the “White Ad House” and quip the app’s “Explore” tab is really exploring your data. Bottom line: the scan lit a fuse, and the crowd can’t agree whether this is business as usual — or a public-sector oops that needs fixes, fast.

Key Points

  • Researchers used mitmproxy on a Mac and an iPhone to intercept and decrypt the White House iOS app’s HTTPS traffic (v47.0.4, build 81).
  • In one session, the app contacted 31 unique hosts (excluding iOS system traffic).
  • Out of 206 app-initiated requests, 48 (23%) went to whitehouse.gov and 158 (77%) to third-party services.
  • Third-party services included Elfsight (multiple domains), OneSignal, YouTube, Google services (APIs, video CDN, Fonts, DoubleClick), Facebook CDNs, Twitter images, and Cloudflare cdnjs.
  • A decrypted request to OneSignal on app launch contained language, timezone_id, country, first_active/last_active timestamps, IP address, and a onesignal_id (redacted).
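
An added example (not the researchers' code): one way to reproduce the first-party versus third-party tally described above from request URLs exported from an intercepting proxy. The sample URLs, the `.example` hosts and the system-domain exclusion list are constructed assumptions; the matcher compares on label boundaries so that lookalike hosts are not counted as whitehouse.gov.

```python
from collections import Counter
from urllib.parse import urlsplit

FIRST_PARTY = ("whitehouse.gov",)        # first-party domain named on the page
SYSTEM = ("apple.com", "icloud.com")     # assumed iOS system domains to exclude

def normalize(host):
    """Lowercase and drop the trailing root dot so equal hosts compare equal."""
    return host.lower().rstrip(".")

def in_domain(host, domains):
    """True if host is one of the domains or a subdomain (label-boundary match)."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in domains)

def summarize(urls):
    """Classify request URLs and return request counts and the third-party share."""
    first, third, skipped = Counter(), Counter(), 0
    for url in urls:
        host = urlsplit(url).hostname
        if not host or in_domain(host, SYSTEM):
            skipped += 1                 # unparseable entry or system traffic
            continue
        bucket = first if in_domain(host, FIRST_PARTY) else third
        bucket[normalize(host)] += 1
    n_first, n_third = sum(first.values()), sum(third.values())
    total = n_first + n_third
    return {
        "total": total,
        "first_party": n_first,
        "third_party": n_third,
        "third_party_pct": round(100 * n_third / total) if total else 0,
        "unique_hosts": len(first) + len(third),
        "top_third_party": third.most_common(3),
        "skipped": skipped,
    }

# Constructed sample, including two lookalike hosts and a trailing-dot host.
SAMPLE_URLS = [
    "https://www.whitehouse.gov/wp-json/posts",
    "https://www.whitehouse.gov/briefings",
    "https://whitehouse.gov/feed/",
    "https://WWW.WHITEHOUSE.GOV./live",
    "https://push.vendor.example/players",
    "https://push.vendor.example/players",
    "https://cdn.widgets.example/widget.js",
    "https://whitehouse.gov.tracker.example/pixel",   # lookalike: third party
    "https://notwhitehouse.gov/x",                    # lookalike: third party
    "https://gateway.icloud.com/ping",                # system traffic: skipped
    "not a url",                                      # unparseable: skipped
]

if __name__ == "__main__":
    print(summarize(SAMPLE_URLS))
```

Fed the page's own totals (48 whitehouse.gov requests and 158 others), the same function returns the 77% third-party share quoted above.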

Hottest takes

"So like... most b2c apps out there?" — gruez
"People should care." — abustamam
"Lobbying is special interests dictating decisions" — nkozyra
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.