We intercepted the White House app's network traffic (atomic.computer)

Atomic Computer reports a live network capture (MITM) of the official White House iOS app (v47.0.4) and finds that most requests go to third parties rather than whitehouse.gov. The app sends device and session metadata—including language, timezone, IP address, and a persistent OneSignal identifier—to OneSignal via decrypted HTTPS traffic, and it loads multiple Elfsight-controlled domains using a two-stage script loader to inject widget code. The researchers also observe Google DoubleClick ad tracking within YouTube embeds and note that these behaviors were not disclosed in the app’s privacy manifest. The post describes logging activity across multiple tabs without modifying traffic and redacts personal identifiers in the published examples.