
We intercepted the White House app's traffic. 77% of requests go to 3rd parties

Why This Matters

This investigation reveals that the White House app heavily relies on third-party services, with 77% of its requests directed to external hosts, raising concerns about data privacy and security. The findings highlight the importance for consumers and developers to scrutinize app traffic to understand data sharing practices and potential vulnerabilities in government and other high-profile applications.

Key Takeaways

This is a follow-up to our static analysis of the White House iOS app. In that post, we decompiled the app and documented what the code could do. Critics fairly pointed out that compiled code doesn’t mean active code.

So we set up a MITM proxy and watched what the app actually sends.

Setup

We installed mitmproxy on a Mac, configured an iPhone to route traffic through it, and installed the mitmproxy CA certificate on the device. Then we opened the White House app (v47.0.4, build 81) and browsed every tab: Home, News, Live, Social, and Explore.

All HTTPS traffic was decrypted and logged. No modifications were made to the traffic. The app was used as any normal user would use it.

In a single browsing session across all tabs, the app made requests to 31 unique hosts (excluding iOS system traffic):

| Host | Requests | What It Is |
|---|---|---|
| www.whitehouse.gov | 48 | WordPress API (news, home, wire, priorities, galleries, live) |
| www.youtube.com | 25 | YouTube embeds |
| phosphor.utils.elfsightcdn.com | 19 | Elfsight utility scripts |
| static.elfsight.com | 12 | Elfsight static assets |
| storage.elfsight.com | 10 | Elfsight file storage |
| api.onesignal.com | 9 | OneSignal analytics and user profiling |
| i.ytimg.com | 9 | YouTube video thumbnails |
| rr6—.googlevideo.com | 9 | Google Video CDN |
| scontent-lax7-1.xx.fbcdn.net | 7 | Facebook CDN (images) |
| pbs.twimg.com | 7 | Twitter/X images |
| apis.google.com | 7 | Google APIs |
| widget-data.service.elfsight.com | 6 | Elfsight widget data |
| core.service.elfsight.com | 4 | Elfsight boot API (the two-stage loader) |
| video-proxy.wu.elfsightcompute.com | 4 | Elfsight video proxy |
| img.youtube.com | 4 | YouTube thumbnails |
| yt3.ggpht.com | 3 | YouTube channel avatars |
| clients3.google.com | 3 | Connectivity check |
| scontent-lax3-1.xx.fbcdn.net | 3 | Facebook CDN |
| fonts.gstatic.com | 2 | Google Fonts |
| jnn-pa.googleapis.com | 2 | Google APIs |
| scontent-lax3-2.xx.fbcdn.net | 2 | Facebook CDN |
| www.google.com | 2 | Google |
| googleads.g.doubleclick.net | 1 | Google Ads / DoubleClick tracking |
| static.doubleclick.net | 1 | Google Ads |
| accounts.google.com | 1 | Google authentication |
| universe-static.elfsightcdn.com | 1 | Elfsight CDN |
| elfsightcdn.com | 1 | Elfsight CDN (platform.js) |
| cdnjs.cloudflare.com | 1 | Cloudflare CDN |
| ssl.gstatic.com | 1 | Google static |
| yt3.googleusercontent.com | 1 | YouTube |
| www.gstatic.com | 1 | Google static |

Of the 206 app-initiated requests captured (excluding iOS system traffic), only 48 (23%) went to whitehouse.gov. The other 158 (77%) went to third-party services including Elfsight, OneSignal, YouTube, Google DoubleClick, Facebook, and Twitter.
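The tally behind these figures can be reproduced from any list of captured request URLs. The sketch below is an added example, not the investigators' own tooling: the function names, the `SYSTEM_DOMAINS` list used to drop iOS system traffic, and the single iCloud URL are assumptions, and the sample input is constructed from the per-host counts in the article's table.

```python
from collections import Counter
from urllib.parse import urlsplit

FIRST_PARTY = ("whitehouse.gov",)              # the app's own domain, per the article
SYSTEM_DOMAINS = ("apple.com", "icloud.com")   # assumption: treated as iOS system traffic

# Constructed replay of the article's host table as "host=count" pairs.
# "rr6—.googlevideo.com" is elided in the article and kept as printed.
TABLE = """
www.whitehouse.gov=48 www.youtube.com=25 phosphor.utils.elfsightcdn.com=19
static.elfsight.com=12 storage.elfsight.com=10 api.onesignal.com=9 i.ytimg.com=9
rr6—.googlevideo.com=9 scontent-lax7-1.xx.fbcdn.net=7 pbs.twimg.com=7
apis.google.com=7 widget-data.service.elfsight.com=6 core.service.elfsight.com=4
video-proxy.wu.elfsightcompute.com=4 img.youtube.com=4 yt3.ggpht.com=3
clients3.google.com=3 scontent-lax3-1.xx.fbcdn.net=3 fonts.gstatic.com=2
jnn-pa.googleapis.com=2 scontent-lax3-2.xx.fbcdn.net=2 www.google.com=2
googleads.g.doubleclick.net=1 static.doubleclick.net=1 accounts.google.com=1
universe-static.elfsightcdn.com=1 elfsightcdn.com=1 cdnjs.cloudflare.com=1
ssl.gstatic.com=1 yt3.googleusercontent.com=1 www.gstatic.com=1
"""

def sample_urls():
    """Expand TABLE into one URL per request, plus one constructed system request."""
    urls = ["https://gateway.icloud.com/"]     # constructed; must be excluded
    for pair in TABLE.split():
        host, count = pair.split("=")
        urls += [f"https://{host}/"] * int(count)
    return urls

def in_domain(host, domains):
    """Match on a label boundary so 'whitehouse.gov.example.net' is not first-party."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def summarize(urls):
    """Per-host request counts and the first-party / third-party split."""
    per_host = Counter()
    for url in urls:
        host = urlsplit(url).hostname
        if host and not in_domain(host, SYSTEM_DOMAINS):
            per_host[host] += 1
    total = sum(per_host.values())
    first = sum(n for h, n in per_host.items() if in_domain(h, FIRST_PARTY))
    third_pct = round(100 * (total - first) / total) if total else 0
    return {"hosts": len(per_host), "total": total, "first_party": first,
            "third_party": total - first, "third_party_pct": third_pct}

if __name__ == "__main__":
    print(summarize(sample_urls()))
```

Matching on a label boundary rather than a substring matters when auditing: a host that merely contains the first-party name would otherwise be counted as the app's own traffic and understate the third-party share.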

What OneSignal Receives

This is no longer speculation from symbol analysis. This is the actual decrypted HTTPS request body sent to api.onesignal.com on app launch:

... continue reading