Government App Caught Spying On Users

Your tax dollars built an app. And that app, according to a sharp-eyed developer on X, was built to watch you back.

The White House Official App — launched on March 27th with all the fanfare of a new iPhone drop — was supposed to be the ultimate direct line between the Trump administration and the American people. Breaking news, live briefings, a media library, a feedback channel. Sounds great on paper. Sounds like something every administration should’ve done years ago.

Then somebody cracked open the hood.

What a Developer Found Under the Surface

On March 28th, an X user going by @Thereallo1026 posted decompiled source code from the app that lit up like a Christmas tree. The post — which racked up nearly 260,000 views — showed what appeared to be OneSignal’s full GPS pipeline baked right into the application. We’re talking Android location permission strings, background location access, and a foreground update interval set to 270,000 milliseconds. That’s every 4.5 minutes, for those of you who don’t speak nerd.

The background interval? Every 10 minutes.

@Thereallo1026 put it bluntly:

“The White House App has OneSignal’s full GPS pipeline compiled in, polling your location every 4.5 minutes, syncing your exact coordinates to a third party server.”

There's an important nuance here, and I'll get to it in a second. But first, let's talk about the permissions list, because that's where things got really entertaining.

A Permission List That Would Make Beijing Blush

A day before the GPS story broke, another X user — @DiligentDenizen — flagged the app’s full permissions list in a post that blew past 832,000 views. The description was chef’s-kiss perfect:

“NEW WHITE HOUSE ‘NEWS’ APP HAS CHINA-LEVEL BIG BROTHER PERMISSIONS.”

The app was requesting access to precise and approximate location, biometric fingerprint hardware, the ability to modify or delete shared storage, network and Wi-Fi connections, permission to prevent your phone from sleeping, and — just for fun — the option to run at startup. This isn’t a pizza delivery app. It’s a government news feed. Why does it need your fingerprint scanner?

Amanda Beckham, government relations director at Free Press Action, nailed the broader concern:

“Websites, apps, and devices we wear or carry collect information about where we work, the places we visit, our browsing history, political opinions, medical and biometric data, and more. When aggregated, all of this data represents the power to influence, manipulate, and discriminate.”

She wasn’t even talking about this app specifically — that quote came in the context of broader federal data privacy legislation. But it fits like a glove.

The Important Fine Print

Now, here’s where I give credit where it’s due — to the independent developers who dug deeper. Multiple analysts who reviewed the decompiled code confirmed that while those GPS tracking constants exist inside OneSignal’s bundled SDK, the app doesn’t actually call that capability. No location permission prompt fires when you install it. OneSignal’s own documentation says location data isn’t collected unless a developer explicitly flips the switch.

Translation: the GPS code is most likely leftover from the SDK template. Residual code. A loaded gun in a drawer that nobody pulled the trigger on.

That matters. Accuracy matters, even when the story is juicy.
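One way to check a permissions list like the one above against the no-prompt observation is to sort the declared permissions by Android protection level: "dangerous" ones (location, shared storage) grant nothing until the user accepts a runtime prompt on Android 6 and later, while "normal" ones are granted silently at install. This is an added example, not code from the app, OneSignal, or the developers quoted here; the manifest is constructed sample data and `audit_manifest` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Protection levels for the permission types the article lists.
# "dangerous" = runtime prompt required; "normal" = granted at install.
DANGEROUS = {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
             "ACCESS_BACKGROUND_LOCATION", "WRITE_EXTERNAL_STORAGE"}
NORMAL = {"USE_BIOMETRIC", "USE_FINGERPRINT", "INTERNET", "ACCESS_NETWORK_STATE",
          "ACCESS_WIFI_STATE", "WAKE_LOCK", "RECEIVE_BOOT_COMPLETED"}

# Constructed sample in decoded-XML form; NOT the real app's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.newsapp">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.USE_FINGERPRINT"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
</manifest>"""

def audit_manifest(xml_text):
    """Group declared permissions by protection level and flag location access."""
    root = ET.fromstring(xml_text)
    report = {"dangerous": [], "normal": [], "other": []}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            short = name[len(PREFIX):] if name.startswith(PREFIX) else name
            level = ("dangerous" if short in DANGEROUS
                     else "normal" if short in NORMAL else "other")
            if short not in report[level]:
                report[level].append(short)
    declared = set(report["dangerous"])
    # Declared location is only usable after the user accepts a runtime prompt.
    report["location_needs_prompt"] = bool(
        declared & {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"})
    # Background collection additionally needs this permission on Android 10+.
    report["background_location"] = "ACCESS_BACKGROUND_LOCATION" in declared
    return report

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A manifest audit only shows what an app may ask for; whether bundled SDK code is ever invoked still has to be confirmed in the decompiled call sites or at runtime.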

So Where Does This Leave Us?

Here’s my honest take: the Trump administration had a genuinely good idea. Cut out the middleman media. Talk directly to the people. That instinct is pure Trump — no filter, no spin, straight to the source. I love it.

But whoever built this app got sloppy. You don’t ship a government application with a bloated third-party SDK full of location-tracking infrastructure and a permissions list that reads like a surveillance wishlist, then act surprised when people freak out. Government apps should be held to a higher standard than some random flashlight app from 2014. Strip the SDK down, publish a transparent privacy policy that actually addresses the app’s specific capabilities — not some generic redirect page — and move on.

Independent academic research from March 2025 already flagged OneSignal as one of the most prevalent SDKs collecting device GPS data across thousands of Android apps, noting that geolocation data “can reveal individuals’ daily habits” and “visits to sensitive sites.” That’s not the kind of company you want embedded in an official White House product, even if the tracking features are dormant.

Trump didn’t build this app to spy on anyone. But the people he hired to build it left the door wide open — and in Washington, an open door is an invitation somebody will eventually accept.

Clean it up. Lock it down. And next time, maybe have someone audit the code before you hand it to 330 million Americans.

