The FAA — Federal Aviation Administration — informed its employees on Friday: next week, the IT team will automatically install "The White House" app on all official iPhones and iPads. Without request, without choice. It will simply appear on the screen.

This is not a local initiative of the aviation agency. Federal CIO Greg Barbaccia issued an order to chief information officers of agencies to help the White House deploy the app on all official mobile devices of the executive branch. According to Government Executive, this concerns millions of phones.

What's inside the app

The app launched in March 2025 with a promise to give citizens "unfiltered" access to the administration's priorities. Inside are press releases, official media, a selection of news articles, and a "Text President Trump" button, which actually leads to a subscription to a marketing mailing list.

Federal employees will receive the same public version — with no additional functions or access levels. This is precisely what cybersecurity experts find most concerning.

"Any app installed on an official device potentially creates a backdoor to government networks behind the firewall."

— Hashmi, former official of the U.S. General Services Administration (GSA), quoted by Government Executive

Numbers that don't match the rhetoric

An independent analysis of the app's code and network traffic conducted by researcher atomic.computer revealed a structural problem: only 23% of the app's requests go to whitehouse.gov — the remaining 77% go to third-party commercial services.

Network analysis confirmed: each time the app launches, it transmits the IP address, time zone, device model, OS version, number and duration of sessions, and a persistent unique identifier to the OneSignal service — despite the permissions description stating "this app does not use your location," and the privacy manifest declaring zero data collection.

• The app transmits IP addresses, time zones, and other user data to third-party services.
• Among the identified vulnerabilities is Elfsight, a Russia-based company that provides widgets for the app, through which personal data of some White House staff members became publicly available.
• None of the commercial services involved have FedRAMP authorization — a mandatory federal security standard for cloud products in the public sector.
• GPS tracking was initially present but was removed after public disclosure.

"Propaganda" or standard practice?

The White House defends the decision with a standard argument. Spokeswoman Olivia Wales stated that "government devices typically have pre-installed apps useful for the daily work of civil servants."

Former government technology official David Nesting views the situation differently: "It's simply a way to force all federal employees to see the same propaganda they are spreading to the public."

The precedent is indeed non-standard: officials — both current and former — called this step extremely unusual and even dangerous. Previously, official devices could have communication tools like Teams or Zoom installed — but not politically colored content from a specific administration.

If even one of the third-party services involved proves to be a data leak vector — no one has been officially assigned responsibility for auditing the security of this decision.