I Decompiled the White House's New App

73 points by yashgarg

An official United States government app is injecting CSS and JavaScript into third-party websites to strip away their cookie consent dialogs, GDPR banners, login gates, and paywalls.

This administration? Yeah, that tracks.

singpolyma

I mean, I'm not sure why this is even a problem? I have my browser set to do this automatically as well.
- mdaniel
  
  I believe that's because you made that decision for yourself, but an app that does it is making that decision for everyone who uses it
- awswrd
  
  I think the difference here is that you chose to do that, on your own behalf, implying consent.
  
  It's the lack of consent that's so representative of this administration.
landon

What happens in this case? is it equivalent to reject all or accept?
- singpolyma
  
  Reject all. Which is what they should be required to do and not show these banners in the first place.
- bkhl
  
  You have not given consent, so it would be equivalent to rejecting. It only gets shady if you have programs automatically "click" accept buttons.
  
  Even then of course that's not really consent to anything specific either, but at least whoever runs the service would have some justification to think you gave consent.
jak2k

I hope https://github.com/lonelycpp does some funny stuff…
- mdaniel
  
  I wanted it to be some super weirdo license but no such luck https://github.com/LonelyCpp/react-native-youtube-iframe#license (MIT)
untitaker

Top HN comment:

A bit skeptical of how this article is written as it seems to be mostly written by AI. Out of curiosity, I downloaded the app and it doesn't request location permissions anywhere, despite the claims in the article.

I've noticed Claude Code is happy to decompile APKs for you but isn't very good at doing reachability analysis or figuring out complex control flows. It will treat completely dead code as important as a commonly invoked function.
- sknebel
  
  despite the claims in the article
  
  But the article explicitly says they are unsure if that code is actually active?
- Student
  
  The article does specifically say that there are 3 gates and it might or might not be enabled.
ocramz

Comment removed by author
- nonagoninf
  
  Reading the blog post, I wondered is this worse than your average Android/iOS app? Besides them stripping cookie banners, etc., pretty much every app is full of trackers these days and too many ask for location access for 'in-store experiences' or what other bullshit reason one could find for tracking.