The official US government app collects GPS information, fingerprint data, and facial images, and also uses the Huawei SDK, which is subject to sanctions.



Many people have likely been surprised when an app they installed casually requested a wide range of permissions. Sam Bent, an expert in

OSINT (Open Source Intelligence) who derives important insights from publicly available information, has pointed out that official U.S. government apps acquire a large number of permissions to collect data, and that they also include Huawei's SDK (Software Development Kit), which is subject to sanctions.

Fedware: 13 Government Apps That Spy Harder Than the Apps They Ban
https://www.sambent.com/the-white-house-app-has-huawei-spyware-and-an-ice-tip-line/

The official White House app , provided by the U.S. government, is said to offer press releases, live streams, and policy updates. However, this app reportedly requests various permissions, including precise GPS location information, biometric fingerprint access, storage modification, startup execution, drawing on other apps, displaying Wi-Fi connections, and reading badge notifications.

Furthermore, the official White House app includes three embedded trackers, one of which is Huawei Mobile Services (HMS Core) , provided by Huawei. The U.S. government considers Huawei a 'national security threat ' and has banned the sale of Huawei telecommunications equipment in the country, yet the official app utilizes tools made by Huawei.

Bent used Exodus Privacy , a tool that analyzes and records which trackers and permissions are embedded in apps, to investigate the permission information of all official apps provided by the U.S. government. As a result, Bent points out that some apps could be called 'Fedware,' a combination of 'federal' and 'malware.'

For example, the FBI's news app, myFBI Dashboard , requests 12 permissions, including changing storage, scanning Wi-Fi, discovering accounts, reading device status, and running at startup. It also includes four trackers, one of which is Google AdMob , Google's advertising SDK.



Furthermore, the official app of the U.S. Federal Emergency Management Agency (FEMA) requests as many as 28 permissions, including precise location information. Bent pointed out, 'It's an app whose main function is to display weather warnings and shelter locations, yet it requests 28 permissions. For comparison, the Associated Press news app provides similar disaster coverage with far fewer permissions.'



IRS2Go , the official app of the U.S. Internal Revenue Service (IRS), includes 10 permissions and 3 trackers, but the IRS released the app to the public before signing the required privacy impact assessment, which violates guidelines from the U.S. Office of Management and Budget (OMB).



Among the apps that Mr. Bent is particularly concerned about is

Mobile Passport Control , provided by the United States Customs and Border Protection (CBP). This app aims to simplify U.S. immigration procedures and reduce waiting times, but seven of the 14 permissions it requests are classified as 'dangerous permissions.' Specifically, it requests permissions such as background location tracking, camera access, biometric authentication, and full read/write access to external storage. Furthermore, it is alleged that Mobile Passport Control and other CBP apps store users' facial images for up to 75 years and transmit the data to a network shared by the Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE), and the Federal Bureau of Investigation (FBI).



The following graphs show the number of permissions requested (COUNT) and the number of trackers (TRACKERS) for various U.S. government apps. The diagonal lines in the bar graph for CBP Passport (Mobile Passport Control) indicate that the permission is dangerous.



Furthermore, Bent pointed out that avoiding U.S. government apps does not necessarily mean you are safe. In fact, Director Kash Patel has admitted that the FBI purchases location data to track people's movements and location history. It has also been reported that an agreement was reached in April 2025 for the IRS to provide taxpayer information to ICE.

FBI Director says he is buying location data of American citizens - GIGAZINE



Bent's report has also been a hot topic on the social news site Hacker News. One user commented on the inclusion of a Huawei SDK in a government app, saying, 'Government agencies have deemed this company (Huawei) too dangerous, so I can't buy their monitors. And yet they're incorporating the SDK into their official app!? I understand that the decision-makers probably don't even know it exists, and that the contractor who developed the app just added it without permission , but that could be even worse.'

Fedware: Government apps that spy harder than the apps they ban | Hacker News
https://news.ycombinator.com/item?id=47577761

Related Posts:

in Software,   Smartphone,   Security, Posted by log1h_ik