<![CDATA[https://blog.thereallo.dev/blog/decompiling-the-white-house-app]]>https://blog.thereallo.dev/blog/decompiling-the-white-house-app

Wowy wow wow wow! I’m sure none of y’all planned on downloading the malware from the Mango, but just in case, DO NOT. It will:

Inject JavaScript into every website you open

Has a full GPS tracking pipeline always on.

Loads JavaScript from a random person's GitHub Pages site (lonelycpp.github.io) for YouTube embeds.

Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.

Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.

Has no certificate pinning.

Ships with dev artifacts in production.

Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation

]]>https://board.circlewithadot.net/topic/950bfbc2-f005-49be-9802-21efc96ea2a8/https-blog.thereallo.dev-blog-decompiling-the-white-house-appRSS for NodeFri, 17 Apr 2026 17:37:16 GMTMon, 30 Mar 2026 22:31:22 GMT60<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 03:01:59 GMT]]>@MissConstrue
it doesn't even considered installing on GraphineOS, saying my phone is incompatible

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/Retreival9096/statuses/116321558175957432https://board.circlewithadot.net/post/https://hachyderm.io/users/Retreival9096/statuses/116321558175957432Tue, 31 Mar 2026 03:01:59 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 02:11:17 GMT]]>@gbargoud @MissConstrue Hopes and wishes aren't illegal after all.

At least not yet...

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116321358781134136https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116321358781134136Tue, 31 Mar 2026 02:11:17 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 02:05:55 GMT]]>@nazokiyoubinbou @MissConstrue

It would be, especially if they also take down Mecha Hitler's Child Porn O Matic while they're consistently enforcing their rules.

]]>https://board.circlewithadot.net/post/https://masto.nyc/users/gbargoud/statuses/116321337724413273https://board.circlewithadot.net/post/https://masto.nyc/users/gbargoud/statuses/116321337724413273Tue, 31 Mar 2026 02:05:55 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 02:02:49 GMT]]>@gbargoud @MissConstrue Same, but wouldn't it be amazing if they actually did uphold the standards they enforce on other devs just this once?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116321325544652516https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116321325544652516Tue, 31 Mar 2026 02:02:49 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 02:01:57 GMT]]>@nazokiyoubinbou @MissConstrue

Should definitely be reported but I wouldn't hold my breath on any company that made a donation to the ballroom doing anything other than metaphorically lick his taint.

]]>https://board.circlewithadot.net/post/https://masto.nyc/users/gbargoud/statuses/116321322101618871https://board.circlewithadot.net/post/https://masto.nyc/users/gbargoud/statuses/116321322101618871Tue, 31 Mar 2026 02:01:57 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 00:24:07 GMT]]>@MissConstrue @mediopocillo These days, sadly, it's a given.

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320937436453277https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320937436453277Tue, 31 Mar 2026 00:24:07 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 00:23:39 GMT]]>@nazokiyoubinbou @mediopocillo I hadn't even thought about contact contamination until y'all mentioned it.

]]>https://board.circlewithadot.net/post/https://mefi.social/users/MissConstrue/statuses/116320935570963025https://board.circlewithadot.net/post/https://mefi.social/users/MissConstrue/statuses/116320935570963025Tue, 31 Mar 2026 00:23:39 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Tue, 31 Mar 2026 00:18:40 GMT]]>@mediopocillo Unknown at current, I believe.

]]>https://board.circlewithadot.net/post/https://mefi.social/users/MissConstrue/statuses/116320915951857205https://board.circlewithadot.net/post/https://mefi.social/users/MissConstrue/statuses/116320915951857205Tue, 31 Mar 2026 00:18:40 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Mon, 30 Mar 2026 23:42:58 GMT]]>@mediopocillo @MissConstrue That's the fun thing about this stuff. With access to contacts, anything and everything they've saved in that contact is shared with whoever they grant access to and there is absolutely nothing said contact can do about it. (Isn't it *GREAT*??)

It's down to how much they actually put in there what is gotten, so make sure they don't have anything like your social media profiles or etc saved in there because that's all you can do from your end is ask those people.

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320775626367304https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320775626367304Mon, 30 Mar 2026 23:42:58 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Mon, 30 Mar 2026 23:41:03 GMT]]>@MissConstrue It sounds like people should report the app then.

Imagine how much the orange one would explode if the app were pulled from the store for being in violation of basic rules (and, uh, laws by the look of it... Despite what the article says, I'm pretty sure some of it is surely illegal.)

Just *imagine* what it would do to his puny ego...

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320768054778271https://board.circlewithadot.net/post/https://mastodon.social/users/nazokiyoubinbou/statuses/116320768054778271Mon, 30 Mar 2026 23:41:03 GMT<![CDATA[Reply to https://blog.thereallo.dev/blog/decompiling-the-white-house-app on Mon, 30 Mar 2026 23:08:31 GMT]]>@MissConstrue
Even if I don't some of my cousins might. What happens if I'm in their contacts?

]]>https://board.circlewithadot.net/post/https://boriken.social/users/mediopocillo/statuses/116320640141720225https://board.circlewithadot.net/post/https://boriken.social/users/mediopocillo/statuses/116320640141720225Mon, 30 Mar 2026 23:08:31 GMT