pratyushsood 8 hours ago

Government apps should absolutely be held to a higher standard than consumer B2C apps. Loading Google Fonts is one thing — sending telemetry to OneSignal and Facebook from an official government app is a different conversation entirely.

In Australia, apps handling government data must comply with the PSPF (Protective Security Policy Framework) and the ISM, which explicitly restrict data flows to untrusted third parties. A government app routing 77% of requests externally would fail an IRAP assessment on day one.

The fix is straightforward: self-host fonts, use first-party analytics, and treat every external request as a data exfiltration vector. Government digital teams know how to do this — the question is whether anyone is actually reviewing the network behavior post-deployment.
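One concrete form the "review the network behavior post-deployment" step can take is an audit script that replays an app's captured outbound requests against a first-party allowlist and reports what share of traffic leaves the first-party domains. The block below is an added example written for this thread, not code from any commenter or from the app under discussion; the log lines, the `example.gov` first-party suffix and the third-party hosts in it are constructed sample data, and the 77% figure quoted above is not reproduced by it.

```python
"""Audit captured outbound requests against a first-party domain allowlist.

Added example (not from the thread). Input is one request per line,
"METHOD URL", as a proxy or on-device traffic capture might export it.
"""
from urllib.parse import urlparse

# Constructed sample capture; hosts and paths are illustrative only.
SAMPLE_LOG = """\
GET https://app.example.gov/api/articles
GET https://fonts.googleapis.com/css2?family=Inter
POST https://onesignal.com/api/v1/notifications
GET https://app.example.gov/api/articles/42
POST https://graph.facebook.com/v18.0/activities
GET https://cdn.example.gov/img/logo.png
GET https://app.example.gov/api/search?q=gold
"""

# Assumed first-party domain suffixes for the hypothetical app.
FIRST_PARTY = ("example.gov",)


def is_first_party(host: str, suffixes=FIRST_PARTY) -> bool:
    """Match on whole DNS labels, so 'example.gov.attacker.test' is not first-party."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_log(text: str):
    """Return (method, host, url) tuples; lines that are blank or malformed are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue
        method, url = parts
        host = urlparse(url).hostname or ""
        if not host:
            continue
        rows.append((method.upper(), host, url))
    return rows


def audit(text: str, suffixes=FIRST_PARTY) -> dict:
    """Summarise how much of the captured traffic goes to non-first-party hosts."""
    rows = parse_log(text)
    external = [r for r in rows if not is_first_party(r[1], suffixes)]
    hosts = {}
    for _, host, _ in external:
        hosts[host] = hosts.get(host, 0) + 1
    pct = round(100.0 * len(external) / len(rows), 1) if rows else 0.0
    return {
        "total": len(rows),
        "external": len(external),
        "external_pct": pct,
        "external_hosts": hosts,
    }


def passes(result: dict, max_external_pct: float = 0.0) -> bool:
    """Policy gate: by default any external request fails the review."""
    return result["external_pct"] <= max_external_pct


if __name__ == "__main__":
    r = audit(SAMPLE_LOG)
    print(f"{r['external']}/{r['total']} requests ({r['external_pct']}%) left first-party domains")
    for host, n in sorted(r["external_hosts"].items()):
        print(f"  {host}: {n}")
    print("review:", "PASS" if passes(r) else "FAIL")
```

Running it on the constructed capture flags the font, push-notification and social-analytics hosts as external and fails the default zero-tolerance gate; the threshold argument lets a team ratchet down from a documented exception list rather than from whatever the app happens to do today.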

JumpCrisscross 8 hours ago | parent [-]

> Government apps should absolutely be held to a higher standard than consumer B2C apps

Honestly—why? What is in this traffic that mandates heightened scrutiny? It strikes me as simply about brand.

longislandguido 8 hours ago | parent [-]

Despite all the sneed on display, it's currently #4 in the App Store (ahead of Threads, Gmail, and Google Maps) and #1 in News so they did something right.

Personally, I want the most stringent CORS settings to read about his gold Sharpie pens.

JumpCrisscross 6 hours ago | parent [-]

> it's currently #4 in the App Store (ahead of Threads, Gmail, and Google Maps) and #1 in News so they did something right

Not disagreeing. But why should its provenance force a higher standard? It’s a glorified news app, to my understanding. Is its breaching worse for national security than some weather app that had its moment in the sunlight?

LocalH 4 hours ago | parent [-]

Because it is at some level officially backed by the White House. That alone brings higher scrutiny.