A traffic interception of the White House iOS app reveals that 77% of its requests go to third-party services rather than official government servers. Using mitmproxy to monitor HTTPS traffic, researchers found that out of 206 app-initiated requests, only 48 went to whitehouse.gov while 158 connected to companies including Elfsight, OneSignal, YouTube, Google DoubleClick, Facebook, and Twitter.

On app launch, OneSignal receives detailed user profiles including device model, OS version, IP address, timezone, language, session counts, and a persistent unique identifier. The app sends 18 PATCH requests to update user profiles with session metadata. Elfsight's two-stage loader injects scripts from 13 different domains, setting 10+ tracking cookies per session. YouTube embeds load Google's DoubleClick ad tracking infrastructure, which was not disclosed in the app's privacy manifest.

The official privacy manifest claims 'No Data Collected,' yet the app actively profiles users and shares data with multiple advertising and analytics companies. This discrepancy between declared privacy practices and actual behavior raises serious questions about government transparency in digital services. The findings demonstrate how official government apps can become conduits for commercial surveillance infrastructure, collecting detailed user data under the guise of official communication.