The White House App: a Revealing Case of Consent Bypass on Mobile

On March 27, the White House launched a new official mobile app, now available on the usual app stores. According to the institution, the app is designed to allow Americans to communicate directly with the White House, “cutting through the noise with unfiltered, real-time updates straight from the source.”

While the app appears to have been designed exclusively for Americans, it may also appeal to organizations and individuals keen to follow White House communications in real time. From a privacy standpoint, however, downloading it would be a serious mistake. Here is why.

Data Collection and Consent-Bypass Practices Found in the App

A designer, developer and former reverse engineer known by the pseudonym Thereallo took a close look at how the app works.

According to their analysis, backed up by code samples, the app includes a web viewer used to open external links. Code is injected into it to make cookie banners disappear, without taking the user’s choice into account. In effect, the developers appear to have built in a form of GDPR circumvention — even though GDPR is not, strictly speaking, a domestic issue in the United States.
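One way a reviewer could triage this behaviour during an app audit, as an added example that is not code from Thereallo's analysis or from the app itself: the function scans script text that an app passes to its web viewer and flags any hide or remove operation that sits close to a consent-related selector. The keyword list, the 200-character window and both sample scripts are assumptions constructed for illustration.

```python
import re

# Assumed hints: substrings commonly seen in consent-banner ids and classes.
CONSENT_HINTS = re.compile(r"cookie|consent|gdpr", re.I)

# Ways an injected script or stylesheet can make an element vanish.
HIDE_OPS = {
    "css-display-none": re.compile(r"display\s*:\s*none", re.I),
    "css-visibility-hidden": re.compile(r"visibility\s*:\s*hidden", re.I),
    "js-style-display": re.compile(r"\.style\.display\s*=\s*['\"]none['\"]", re.I),
    "js-remove-node": re.compile(r"\.remove\s*\(\s*\)|removeChild\s*\("),
}

def find_banner_suppression(script: str, window: int = 200):
    """Return sorted (operation, hint) pairs where a hide operation appears
    within `window` characters of a consent-related selector hint."""
    findings = set()
    for hint in CONSENT_HINTS.finditer(script):
        lo, hi = max(0, hint.start() - window), hint.end() + window
        nearby = script[lo:hi]
        for name, pattern in HIDE_OPS.items():
            if pattern.search(nearby):
                findings.add((name, hint.group(0).lower()))
    return sorted(findings)

# Constructed sample: a style rule injected into every page the viewer loads.
SAMPLE_INJECTED = """
(function () {
  var s = document.createElement('style');
  s.textContent = '[id*="cookie"], [class*="consent"] { display: none !important; }';
  document.head.appendChild(s);
})();
"""

# Constructed sample: hides an unrelated element, so it should not be flagged.
SAMPLE_BENIGN = """
document.querySelector('#menu').style.display = 'none';
window.scrollTo(0, 0);
"""

if __name__ == "__main__":
    for label, text in (("injected", SAMPLE_INJECTED), ("benign", SAMPLE_BENIGN)):
        print(label, find_banner_suppression(text))
```

A hit is a lead for manual review, not a verdict: a consent tool's own page code legitimately hides its banner after the user has answered, so the scan is meaningful only for scripts the app itself injects.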

[Figure: code excerpt from the White House app. © blog.thereallo.dev]

So is this app basically an ad blocker? Not at all. When the app is open, precise geolocation data is collected every four minutes and thirty seconds. Even when the app is closed, it continues collecting GPS location data in the background every nine minutes. On top of that, users’ email addresses are reportedly shared with private entities, along with profiling data, all without consent, whether the user is in the United States or in Europe.

Why Consent Remains Central to User Protection

These practices clearly show why cookie banners on websites and in mobile apps still matter: they are what inform users, request consent, and, in principle, trigger the collection and processing of personal data.

“The Digital Omnibus regulation currently being examined by the European Union suggests reducing consent fatigue by centralizing user choices at browser level. If adopted in its current form, the text would push Europeans into a trap very similar to the one illustrated by this case study.” - Romain Bessuges-Meusy, CEO of Axeptio.

Let’s be clear: consent fatigue is very real, and there are already several ways to address it: through CMP customization, interoperability between consent solutions, and the emergence of consent-assistance tools, to name a few.

That said, in its current form, Digital Omnibus only addresses web browsers with any real precision, while remaining extremely vague when it comes to mobile operating systems and applications.

It is also worth noting that a web viewer such as the one embedded in the White House app would not be covered by this proposed legislation at all.

In that context, centralizing consent at browser level (through Google Chrome, Microsoft Edge or Apple Safari, for example) raises a number of concerns, particularly around whether meaningful, informed consent can actually be guaranteed across all environments.

Looking further ahead: defending the neutrality, diversity and interoperability of the web

“For Axeptio, simply identifying the challenges is not enough. We believe in taking a resilient approach and building with what is being proposed. And we remain convinced that this can only be achieved through the neutrality and diversity of the internet.” — Romain Bessuges-Meusy

Consent-management mechanisms do not disappear just because banners do. The risk, however, is that centralizing them in the hands of a small number of players threatens the balance and diversity of the ecosystem.

“Remove cookie banners, but you will not remove the underlying consent-management mechanisms — and those mechanisms are necessary. But if they become standardized, controlled and dominated by a handful of players, none of them European, then we are no longer dealing with plurality.” — Pascal Vautrin, Privacy Standards Expert

Against that backdrop, a new standard is emerging: navigator.consent, which offers an alternative approach built on interoperability.

navigator.consent is a tool that:

  • makes cookie banners disappear visually, without removing their role in ensuring that consent and data are handled properly;
  • enables granular choice through existing consent assistants such as Consenter or Taste;
  • promotes market diversity, and therefore neutrality;
  • avoids all the risks that a monopoly would create, both for users and for the market.

“This resilient proposal not only addresses the needs raised by Omnibus, it goes far beyond them. Admittedly, for now this concept applies only to web environments, not apps — but it is only a beginning. We believe it is our duty to respond while remaining constructive and proactive. If we fail to do so, then Code is law will quietly give way to Might is right.” — Romain Bessuges-Meusy
