Call me crazy, but I don’t think an official government app should be loading executable code from a random person’s GitHub account. Or tracking your GPS location in the background. Or silently stripping privacy consent dialogs from every website you visit through its built-in browser. And yet here we are.
The White House released a new app last week for iOS and Android, promising “unparalleled access to the Trump Administration.” A security researcher, who goes by Thereallo, pulled the APKs and decompiled them — extracting the actual compiled code and examining what’s really going on under the hood. The propaganda stuff — cherry-picked news, a one-tap button to report your neighbors to ICE, a text that auto-populates “Greatest President Ever!” — which Engadget covered, is embarrassing enough. The code underneath is something else entirely.
Let’s start with the most alarming behavior. Every time you open a link in the app’s built-in browser, the app silently injects JavaScript and CSS into the page. Here’s what it does:
It hides:
- Cookie banners
- GDPR consent dialogs
- OneTrust popups
- Privacy banners
- Login walls
- Signup walls
- Upsell prompts
- Paywall elements
- CMP (Consent Management Platform) boxes
It forces body { overflow: auto !important } to re-enable scrolling on pages where consent dialogs lock the scroll. Then it sets up a MutationObserver to continuously nuke any consent elements that get dynamically added.
An official United States government app is injecting CSS and JavaScript into third-party websites to strip away their cookie consent dialogs, GDPR banners, login gates, and paywalls.
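For anyone auditing what an app injects into its in-app browser, the three behaviours described above (hiding consent elements, forcing scroll back on, and a MutationObserver that removes late-loaded dialogs) can be flagged statically. This is an added example, not code from the app or from the researcher's writeup; the function name, keyword list and sample payload are constructed for illustration.

```javascript
// Static triage of a script that an app injects into pages in its WebView.
// Assumption: the keyword list is illustrative, not taken from the app.
const CONSENT_WORDS = /cookie|gdpr|onetrust|consent|cmp|privacy|paywall|login|signup|upsell/i;

function auditInjectedSource(source) {
  const findings = { hiddenSelectors: [], scrollUnlock: false, observerRemoval: false };
  // Walk every `selector-list { declarations }` pair found in the text.
  const rule = /([^{}]+)\{([^{}]*)\}/g;
  for (const [, selectorList, decls] of source.matchAll(rule)) {
    // Drop any JS that precedes the CSS (e.g. `var css = "`), then split the list.
    const selectors = selectorList.split(/["'`;]/).pop()
      .split(",").map((s) => s.trim()).filter(Boolean);
    if (/display\s*:\s*none|visibility\s*:\s*hidden/i.test(decls)) {
      findings.hiddenSelectors.push(...selectors.filter((s) => CONSENT_WORDS.test(s)));
    }
    // Consent dialogs often lock scrolling; forcing it back on is the second tell.
    if (selectors.some((s) => /(^|\s)body$/i.test(s)) &&
        /overflow\s*:\s*auto\s*!important/i.test(decls)) {
      findings.scrollUnlock = true;
    }
  }
  // An observer combined with element removal keeps dynamically added dialogs gone.
  findings.observerRemoval =
    /new\s+MutationObserver\s*\(/.test(source) && /\.remove\s*\(\s*\)/.test(source);
  findings.suspicious =
    findings.hiddenSelectors.length > 0 && (findings.scrollUnlock || findings.observerRemoval);
  return findings;
}

// Constructed sample (not the app's code) resembling the behaviour described above.
const SAMPLE = `
  var css = "#onetrust-banner-sdk, .cookie-banner, .gdpr-consent { display: none !important }" +
            "body { overflow: auto !important }";
  var s = document.createElement("style"); s.textContent = css; document.head.appendChild(s);
  new MutationObserver(function () {
    document.querySelectorAll(".cookie-banner").forEach(function (e) { e.remove(); });
  }).observe(document.documentElement, { childList: true, subtree: true });
`;
// Constructed control: hides an element, but nothing consent-related.
const BENIGN = `var css = ".ad-slot { display: none }"; console.log(css);`;

console.log(auditInjectedSource(SAMPLE));
console.log(auditInjectedSource(BENIGN).suspicious);
```

Run it over the strings extracted from a decompiled app; a hit is a prompt for manual review, since keyword matching on selectors will also flag legitimate cosmetic rules.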
who the fuck would download this shit?
republicans are so fucking stupid
Legitimately was going to say the same thing. Who would ever download this garbage?
The narcissism is embarrassing.
stone age tribalism pretending to be individualistic–you are a unique and special snowflakeBUTSNOWFLAKESAREBADDONTBEASNOWFLAKE
Give it a few months and your phone will helpfully install it for you.
Removed by mod
Oh it’s not just Republicans, any bootlickers suffice! Or people who just don’t follow politics the way many others do.
I downloaded it so I could rate it 1 star and then delete it.
Removed by mod
This is so poorly formatted, it’s difficult to know where to start. As a liberal, I’m apparently “kinda dome.” I in no way resemble half a sphere.
The Kingdome was a sports arena in Seattle that was demolished while I was in college there … the hed was “Kingdome fall down, go boom” as the strip story. I was not yet in any position of power and winced at this absurd hed.
If you want to get involved in leftist circles, this is not the way to do it. Speaking in absolutes and cliche sounds more like an LLM than activism, except ChatGPT would have done a better job.
Also, apostrophes are a thing. Check out Wikipedia if you don’t believe me.
Removed by mod
The iOS writeup was even better. Found it from the comments in OP.
https://www.atomic.computer/blog/white-house-app-security-analysis/
The author is way too generous offering their services to the Trump administration. The app is a massive security hole by design. This administration is not your standard business client, they are the attacker that you defend against.
If your ~~adversaries~~ buddies haven’t already done this analysis, they’re having a ~~slow~~ good week.
Rules are for thee not me…
Anyone know why the user was deleted? I mean, this is Techdirt, so I kinda doubt it’s because of this article.
Why don’t you trust Techdirt?







