Fedware: Government Apps Spy On You More Than TikTok

The White House’s official app ships with Huawei Mobile Services Core—tracking infrastructure from a company the U.S. government sanctioned in 2019 and banned from federal networks for “national security threats.” Security researcher Sam Bent published a comprehensive audit on March 28, 2026, analyzing 13 federal apps using Exodus Privacy. The findings expose systematic surveillance by government apps: Congress bans TikTok over data collection concerns while federal apps from the FBI, FEMA, and the White House embed identical capabilities—including sanctioned Chinese SDKs, ad trackers in law enforcement apps, and 28 permissions for simple weather alerts.

The Smoking Gun: Huawei SDK in White House App

The administration that spent years warning about Huawei’s surveillance capabilities now distributes an official app containing Huawei’s tracking code. Version 47.0.1 of the White House app requests seven dangerous Android permissions, including precise GPS location, fingerprint access, storage modification, Wi-Fi scanning, and boot auto-start. All this to deliver news updates you can read on whitehouse.gov with zero permissions.

Bent used Exodus Privacy, an open-source platform that performs static analysis of Android apps, to audit federal software. The tool extracts class names from APK files and cross-references them against a database of known tracking SDKs. The White House app test returned an unambiguous result: Huawei Mobile Services Core embedded in the code. You can’t ban a company’s equipment from federal networks while shipping its tracking infrastructure in official government software. That’s not security policy—it’s theater.
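The class-name cross-referencing described above can be sketched as follows. This is an added example, not Exodus Privacy's code or part of Bent's audit: the signature table and the sample class list are constructed for illustration, and the input is assumed to be Dalvik type descriptors as a DEX dump would list them.

```python
import re
from collections import defaultdict

# Constructed signature table (assumption, not Exodus Privacy's database):
# tracker name -> regex anchored at the start of a dotted class name.
# The trailing "\." keeps a match on a package boundary.
SIGNATURES = {
    "Huawei Mobile Services (HMS) Core": r"com\.huawei\.hms\.",
    "Google AdMob": r"com\.google\.android\.gms\.ads\.",
    "Google Firebase Analytics": r"com\.google\.firebase\.analytics\.",
}
COMPILED = {name: re.compile(rx) for name, rx in SIGNATURES.items()}

def descriptor_to_dotted(desc):
    """'Lcom/example/Foo$Bar;' -> 'com.example.Foo$Bar'; None for primitives."""
    desc = desc.strip().lstrip("[")          # drop array dimensions
    if not (desc.startswith("L") and desc.endswith(";")):
        return None
    return desc[1:-1].replace("/", ".")

def find_trackers(descriptors):
    """Return {tracker name: [matching class names]} for a list of descriptors."""
    hits = defaultdict(list)
    for desc in descriptors:
        name = descriptor_to_dotted(desc)
        if name is None:
            continue
        for tracker, rx in COMPILED.items():
            if rx.match(name):
                hits[tracker].append(name)
    return dict(hits)

# Constructed sample input: class descriptors as they might appear in an APK.
SAMPLE_CLASSES = [
    "Lcom/example/govapp/MainActivity;",
    "Lcom/huawei/hms/support/api/client/Status;",
    "Lcom/huawei/hms/api/HuaweiApiClient;",
    "Lcom/google/android/gms/ads/AdView;",
    "Lcom/google/android/gms/common/GoogleApiAvailability;",  # not the ads package
    "Lcom/huawei/hmsx/Lookalike;",   # similar prefix, different package
    "La/b/c;",                       # obfuscated name: no signature can match
    "[I",                            # primitive array, not a class
]

if __name__ == "__main__":
    for tracker, classes in find_trackers(SAMPLE_CLASSES).items():
        print(f"{tracker}: {len(classes)} class(es), e.g. {classes[0]}")
```

A match shows that the SDK's classes are packaged in the APK, not that the code executes or what it transmits. An SDK whose packages have been renamed or obfuscated will not match any signature.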

FBI Serves Ads, FEMA Demands 28 Permissions

The surveillance isn’t limited to one app. The FBI’s official Dashboard app requests 12 permissions and embeds four trackers, including Google AdMob—an advertising platform that serves targeted ads based on user behavior. Why does a federal law enforcement app need to serve advertisements? Either the agency didn’t audit its contractors for embedded trackers, or it is intentionally collecting user data for “partnerships.”

FEMA’s disaster alert app is worse. It demands 28 permissions just to display weather notifications. For context, AP News delivers identical disaster coverage with roughly 10 permissions. FEMA wants precise GPS, storage access, and boot auto-start to tell you about hurricanes. That is 2.8x the permissions of a commercial app with the same functionality—and there’s no technical justification for it.

75-Year Faceprint Retention and Warrant-Free Tracking

App permissions are just the entry point. Once agencies collect biometric data, location history, or phone identity, it gets shared across ICE, DHS, and the FBI for decades. CBP Mobile Passport retains faceprints for 75 years—effectively permanent for most people. That’s not border security; that’s building a lifetime surveillance database.

ICE maintains contracts with Clearview AI ($9.2 million, renewed in 2025) providing access to 50 billion scraped photos. The facial recognition system has generated at least eight wrongful arrests in 2026 alone. One case: a Tennessee woman falsely identified for bank fraud in North Dakota, a state she’d never visited. She was arrested, extradited, and charged before evidence proved she was shopping in Tennessee when the crime occurred. Clearview’s database matched her face to someone else’s crime.

Meanwhile, DHS purchases 15 billion location points daily from Venntel, a data broker tracking 250+ million devices. The ACLU obtained 6,168 pages of records through FOIA showing 336,000 location points in a three-day span—26 points per minute. Agencies buy this data to circumvent the Supreme Court’s Carpenter ruling, which requires warrants for historical location tracking. The “data broker loophole” lets them purchase what they’re constitutionally barred from collecting directly.

Government Surveillance Reform Act Aims to Close Loopholes

Legislators responded to documented abuses. In March 2026, Senators Ron Wyden (D-OR) and Mike Lee (R-UT), along with Representatives Warren Davidson (R-OH) and Zoe Lofgren (D-CA), introduced the bipartisan Government Surveillance Reform Act. The bill closes the data broker loophole by requiring warrants before federal agencies can purchase Americans’ location data, phone records, or biometric information from commercial sources.

The legislation also reforms Section 702 FISA surveillance, which expires April 20, 2026. It has bipartisan support, but faces uncertain prospects in a Republican-controlled Congress. Context matters: the Government Accountability Office reported that 60% of 236 privacy and security recommendations issued since 2010 remain unimplemented by federal agencies. Congress recommended comprehensive privacy legislation twice—in 2013 and 2019—and passed neither. Agencies have a track record of ignoring reform.

The TikTok Double Standard

The U.S. forced TikTok to restructure under majority American ownership in January 2026, citing concerns that ByteDance might share user data with the Chinese government. TikTok’s data collection—location tracking, biometrics, browsing history—was labeled a “national security threat.” Yet federal apps collect identical data. The White House app doesn’t just match TikTok’s surveillance; it embeds tracking code from a sanctioned Chinese company.

If TikTok’s data practices warrant forced restructuring, then federal apps with Huawei SDKs, 75-year faceprint retention, and warrant-free location purchases deserve equal scrutiny. The selective enforcement isn’t about principled privacy protection—it’s geopolitics dressed up as security policy. Americans should get the same privacy protections from their government that policymakers demand from foreign apps.

Congress needs to pass the Government Surveillance Reform Act, implement the GAO’s 142 ignored privacy recommendations, and audit all federal apps using tools like Exodus Privacy. Most importantly, agencies should be required to obtain warrants before purchasing data from brokers like Venntel or accessing Clearview’s facial recognition database. The “national security” justification for app bans rings hollow when the White House ships the same technology it sanctioned.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover the latest tech news and controversies, summarizing them into byte-sized and easily digestible information.
