by pratyushsood 83 days ago
Government apps should absolutely be held to a higher standard than consumer B2C apps. Loading Google Fonts is one thing — sending telemetry to OneSignal and Facebook from an official government app is a different conversation entirely.

In Australia, apps handling government data must comply with the PSPF (Protective Security Policy Framework) and the ISM, which explicitly restrict data flows to untrusted third parties. A government app routing 77% of requests externally would fail an IRAP assessment on day one.

The fix is straightforward: self-host fonts, use first-party analytics, and treat every external request as a data exfiltration vector. Government digital teams know how to do this — the question is whether anyone is actually reviewing the network behavior post-deployment.

2 comments
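One way to do the post-deployment review the comment above asks for is to capture the app's outbound requests on a test device (a proxy or packet capture) and audit them against a first-party allowlist. The script below is an added example, not code from the thread or from any government app; the `example.gov` first-party domain, the `METHOD URL STATUS` log format and the sample request lines are constructed assumptions. It classifies each request host as first-party, flagged third-party (the OneSignal, Facebook and Google Fonts endpoints named in the thread) or other external, and reports the share of requests leaving first-party infrastructure so the figure can be compared against a policy threshold.

```python
"""Audit an app's observed network requests against a first-party allowlist.

Added example, not from the thread. Input is a list of log lines in the
constructed form "METHOD URL STATUS", as exported from a capture tool.
"""
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical first-party domain for the app under review (assumption).
# Subdomains such as api.example.gov match via suffix matching below.
FIRST_PARTY = {"example.gov"}

# Third-party suffixes the thread calls out. Any request here is a data flow
# to a party outside the agency and must be justified or removed.
FLAGGED_SUFFIXES = {
    "onesignal.com": "push notification telemetry",
    "facebook.com": "Facebook SDK / analytics",
    "googleapis.com": "Google-hosted fonts or APIs",
    "gstatic.com": "Google static assets (fonts)",
}

# Constructed sample capture: 3 first-party and 9 external requests.
SAMPLE_LOG = """\
GET https://api.example.gov/v1/feed 200
GET https://api.example.gov/v1/articles/42 200
GET https://cdn.example.gov/img/hero.jpg 200
GET https://fonts.googleapis.com/css2?family=Inter 200
GET https://fonts.gstatic.com/s/inter/v12/abc.woff2 200
POST https://api.onesignal.com/players 200
POST https://api.onesignal.com/players/123/on_session 200
POST https://graph.facebook.com/v17.0/123/activities 200
POST https://graph.facebook.com/v17.0/123/activities 200
GET https://www.facebook.com/tr?id=123 200
GET https://fonts.gstatic.com/s/inter/v12/def.woff2 200
POST https://api.onesignal.com/notifications 200
""".splitlines()


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def matches_suffix(host: str, domain: str) -> bool:
    """Exact or dotted-subdomain match, so example.gov.evil.com is NOT first-party."""
    return host == domain or host.endswith("." + domain)


def classify(host: str) -> str:
    """Map a host to 'first-party', 'flagged: <label>' or 'external'."""
    if any(matches_suffix(host, d) for d in FIRST_PARTY):
        return "first-party"
    for suffix, label in FLAGGED_SUFFIXES.items():
        if matches_suffix(host, suffix):
            return f"flagged: {label}"
    return "external"


def audit(log_lines):
    """Summarise where an app's traffic goes; malformed lines are skipped."""
    total = external = 0
    external_hosts = Counter()
    flagged = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        host = host_of(parts[1])
        if not host:
            continue
        total += 1
        verdict = classify(host)
        if verdict != "first-party":
            external += 1
            external_hosts[host] += 1
        if verdict.startswith("flagged: "):
            flagged[host] = verdict[len("flagged: "):]
    pct = round(100.0 * external / total, 1) if total else 0.0
    return {"total": total, "external": external, "external_pct": pct,
            "external_hosts": dict(external_hosts), "flagged": flagged}


def policy_violations(report, max_external_pct=0.0):
    """List reasons the capture fails a 'no untrusted data flows' policy."""
    reasons = [f"{h}: {why}" for h, why in sorted(report["flagged"].items())]
    if report["external_pct"] > max_external_pct:
        reasons.append(f"{report['external_pct']}% of requests leave first-party hosts")
    return reasons


if __name__ == "__main__":
    rep = audit(SAMPLE_LOG)
    print(f"{rep['external']}/{rep['total']} requests external ({rep['external_pct']}%)")
    for reason in policy_violations(rep):
        print("VIOLATION:", reason)
```

Run it against a real capture by replacing `SAMPLE_LOG` with the exported lines and `FIRST_PARTY` with the agency's domains; the dotted suffix match is what keeps a look-alike host such as `example.gov.evil.com` from being counted as first-party.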

They actually are held to a higher standard. We just don't follow standards in this admin.

> Government apps should absolutely be held to a higher standard than consumer B2C apps

Honestly—why? What is in this traffic that mandates heightened scrutiny? It strikes me as simply about brand.

Despite all the sneed on display, it's currently #4 in the App Store (ahead of Threads, Gmail, and Google Maps) and #1 in News so they did something right.

Personally, I want the most stringent CORS settings to read about his gold Sharpie pens.

> it's currently #4 in the App Store (ahead of Threads, Gmail, and Google Maps) and #1 in News so they did something right

Not disagreeing. But why should its provenance force a higher standard? It’s a glorified news app, to my understanding. Is its breaching worse for national security than some weather app that had its moment in the sunlight?

Because it is at some level officially backed by the White House. That alone brings higher scrutiny.

That is a reassertion of the same claim. What is the reason why?