Discussion
We Intercepted the White House App's Network Traffic. Here's What It Sends.
gruez: So like... most b2c apps out there? I checked app privacy report for a few such apps I have installed and also got a very high proportion of third party domains. Maybe not as high as 77% but definitely above 50% (i.e. more domains are third party than first party). The most surprising part here is them refusing to put correct info in the "data collected" section of the app store listing. edit: they seemed to have updated the store listing, so the "data collected" section is correct.
tr_user: Are you also the type of person who thinks the government should be run like a business?
gruez: No. Stop putting words in my mouth.
refulgentis: Right, the White House is collecting data and sending it to Huawei, and overall collection rate is worse than any other app you’ve seen by a wide margin.
jmalicki: The government should outsource way more of their traffic to third parties than a business should, since the government is inefficient, right?
Cider9986: Some previous discussion: https://news.ycombinator.com/item?id=47555556 https://news.ycombinator.com/item?id=47577761
iterateoften: A government app being built like b2c is exactly the problem
gruez: >to Huawei???
mattbuilds: No one put words in your mouth, they asked you a question. You are the one who made the initial comparison to B2C apps, so it seems like a fair question to me. Your comment implies that it's standard and the app isn't doing anything out of the ordinary when I think most people would expect an official government app to be held to a higher standard than the average B2C app.
gruez: >I think most people would expect an official government app to be held to a higher standard than the average B2C app.
Is this a "yes, in an ideal world that's how things should be" type of statement, or "yes, government agencies have a track record of delivering technical excellence on software projects, and this particular project was especially bad"?
neya: It's a classic deflection tactic - when they can't refute you by merit, they answer something with a question that is completely different about what was said - BOOM, the discussion is now about something else, completely different from the original issue. I honestly can't tell if it's bots or humans these days doing this a lot, but they're getting pretty good at it.
neya: Are you also the type of person who thinks the government isn't being run like a business everywhere in the world? If so, why do you think lobbying exists? I'm not saying it should be run like a business, but it is naive to think it isn't run like one.
gruez: I'm sure that HN's preferred app would be <5MB, and has zero third party SDKs or telemetry, but half a dozen SDKs and third party domains is basically most mass market apps these days. Is it bad? Yes, but the whitehouse isn't being egregiously bad, only "basically the rest of the industry"-bad.
amazingman: Poe's Law strikes again. I legitimately can't tell if this is sarcasm.
longislandguido: The number of dorks desperate to find something wrong with this literally-who-cares app borders on mental illness. How many times has this nonsense hit the front page this week?
abustamam: The US government is publishing an app that over 50k people have downloaded, at least on the Android app store. People should care.
ddxv: Browse the SDKs it's using as well: https://appgoblin.info/apps/gov.whitehouse.app/sdks
commoner: See: https://news.ycombinator.com/item?id=47581532
gunsle: This whole site has TDS as bad as Reddit at this point.
wnevets: I hear there is this amazing new app you can install to avoid all of the TDS you dislike so much.
ryandrake: Ok, so then it just sounds like whataboutism. Those other apps are just as bad. The tone of your original post sounded like you were defending the app's bad behavior. A lot of people might have mistaken your intent, which you clarified in [1]. 1: https://news.ycombinator.com/item?id=47596187
abustamam: "everything else sucks too" is not a great defense for the US govt.
SV_BubbleTime: Oh, sorry you missed Elixir and WASM, and rust and programming socks of course. Half credit.
nkozyra: > If so, why do you think lobbying exists?
Specifically because it's not a natural market. There are people who secure a 2-year, consequence-free term to impact U.S. law, at the behest of people with money. Lobbying is special interests dictating decisions that often are not financially, morally, or otherwise ideal/beneficial to the other party (the United States and its people). This wouldn't fly at any corporation or business because there would be direct impacts on the bottom line or reputation of the company.
longislandguido: Orange Redditors have inexplicably flagged your post, which I vouched for as it breaks no rules.
merek: > We installed mitmproxy on a Mac, configured an iPhone to route traffic through it, and installed the mitmproxy CA certificate on the device.
> All HTTPS traffic was decrypted and logged. No modifications were made to the traffic. The app was used as any normal user would use it.
Is it really that simple to inspect network traffic on an iPhone, namely to get it to trust the user-installed cert? I do quite a bit of network inspection on Android and I find it to be painful, even if the apps don't use certificate pinning. Regardless, this finding highlights the importance of users having control of their devices, which includes the ability to easily inspect network traffic. We have the right to know where our data is being sent, and what data is being sent. I recall during COVID it was discovered that Zoom was sending traffic to China. There was also the recent case of Facebook tracking private mobile browsing activity and sending it to their servers via the FB app.
charcircuit: Just because an app embeds YouTube instead of creating their own video hosting solution that does not mean that the app sucks.
lobf: > If so, why do you think lobbying exists?
Would you like to be able to ask your representative to focus on a particular issue?