A newly released app from the US government has raised concerns among users and researchers over possible location tracking, data collection, and security risks.
The White House introduced the app on Friday, promoting it as a way for users to have a “direct line” to official updates. It offers features such as breaking news alerts on major government announcements, livestreams, and updates on policy developments.
Some users on X have questioned the permissions the app may require, including access to location data, device storage, and network activity, although these claims have not been independently confirmed.
While it is common for many apps to request such permissions, the involvement of a federal government entity has heightened scrutiny and concern.
At present, listings on both the Google Play Store and Apple App Store do not show any specific warnings related to these permissions.
According to the app’s privacy policy, it automatically collects certain information such as IP addresses and basic usage data. It may also store names and email addresses from subscribers, though providing this information is optional for users.
A security engineer claims the app may include GPS tracking features.
According to its Google Play Store listing, the app may collect personal data such as phone numbers and email addresses through downloads and usage, while Apple’s App Store directs users to the White House’s privacy policy for further details.
A developer on X, known as Thereallo, along with Adam, a security engineer and infrastructure architect, say they have found code indicating the app could access a device’s GPS for tracking purposes.
Although location access is common in many apps, Adam noted it is unusual in this case, as the app does not appear to offer features that would require it.
“There’s no map, no local updates, no geofencing, no nearby events, and no weather features—nothing that would justify location access,” he said.
Thereallo also suggested the app may be capable of tracking a device as frequently as every 4.5 minutes while in use and every 9.5 minutes in the background, though these claims have not been independently confirmed.
They noted that while the app still requires user permission to access location data, the capability appears to be built in and could be activated easily, with the tracking infrastructure already in place.
Thereallo also claimed the app collects additional information, including how users interact with notifications, clicks on in-app messages, as well as phone numbers and state-level location data.
Adam further raised concerns about the app’s security, suggesting it may be vulnerable to interception or manipulation by technically skilled individuals.
“Anyone on the same Wi-Fi network—whether at a café, airport, or even a congressional hearing room—could intercept API traffic using a proxy,” he said. “And on a jailbroken device, it’s possible to hook into the app and modify its behavior in real time.”
“No servers were probed. No network traffic was intercepted. No DRM was bypassed. No tools were used that require jailbreaking. Everything described here is observable by anyone who downloads the app from the App Store and has a terminal.”
