Surveillance State

DHS Spies Couldn't Spy On Themselves: 76% of Apps on Intel Office Phones Flagged As 'High-Risk'

A new DHS Inspector General audit found 76% of apps on Office of Intelligence and Analysis smartphones are high-risk, prohibited, or tied to foreign adversaries — and the fix won't be done until 2027.

Ryan Callicoat 4 min read min read
Dark surveillance operations room with rows of glowing smartphones, suggesting government intelligence office device security failure

The agency that vacuums up the rest of America's data can't be bothered to lock down its own phones. That's the takeaway from a Department of Homeland Security Inspector General report published Monday, May 4, 2026 — a report that confirms what critics of the surveillance state have been saying for years: the people watching you are sloppy, unaccountable, and in some cases carrying apps tied to foreign adversaries on the very devices they use to handle sensitive intelligence.

The audit targets the DHS Office of Intelligence and Analysis (I&A) — the component that produces threat assessments, briefs the rest of the intelligence community, and shares classified material with state and local fusion centers. According to the IG, the office failed to enforce basic security settings on its government-issued smartphones, kept records on only a fraction of the devices it handed out, and let staff install apps the federal government has explicitly flagged as risky.

The numbers nobody wants you to dwell on

Three figures from the IG report tell the story. None of them require interpretation.

  • 76% of apps installed on I&A smartphones posed security risks, were prohibited, or allowed prohibited activities. That includes apps used for streaming, gaming, and — this is the part the press release glossed over — apps "associated with foreign adversaries."
  • The department maintained records for only 11% of the smartphones issued to its intelligence-office staff. The other 89% were essentially off-book — government property carrying government data with no central inventory tracking who had what.
  • Only 3 of 10 audited international trips followed the protocols for using a federal smartphone outside the country. The other seven trips were a free-for-all, in jurisdictions where every airport and hotel Wi-Fi node is a potential collection point for a foreign service.

If a private company managed its devices this way, OCR-1 and the SEC would be drafting press releases. Inside DHS, the response was a polite shrug: the department concurred with the watchdog's recommendations and pledged to resolve all the issues — by January 2027.

That is not a typo. The agency tasked with detecting hostile foreign influence on U.S. soil is giving itself twenty-one months to stop letting its analysts run adversary-linked apps on phones that touch classified information.

Cracked smartphone screen leaking glowing data particles, symbolizing the DHS intelligence office smartphone security failure

"Apps associated with foreign adversaries" — read that line again

Most of the mainstream coverage of this report has buried the most damning phrase. The IG didn't just find "high-risk" apps. The auditors specifically flagged software "associated with foreign adversaries" running on the phones of the very analysts who write the threat reports about those adversaries.

The federal government already keeps a list of vendors whose products are presumed to be a counterintelligence concern — Kaspersky, certain Chinese telecom suppliers, TikTok on official devices, and a rotating cast of mobile apps whose data pipelines route through Beijing, Moscow, or Tehran. Discovering that those apps are sitting on the home screens of DHS intelligence personnel is not a "configuration drift" problem. It is the kind of finding that, in any other agency, would trigger emergency device wipes and a counterintelligence review.

Instead, we're getting a 21-month remediation schedule and a press release.

The pattern: this is not an isolated lapse

If the DHS smartphone audit existed in a vacuum, it would already be alarming. It does not. It is the third major signal in three months that America's intelligence apparatus is leaking — sometimes by accident, sometimes by design.

  • In February, the Intelligence Community Inspector General disclosed a whistleblower complaint alleging that distribution of a highly classified intelligence report had been "restricted for political purposes," and that an intelligence agency lawyer failed to refer a potential crime to the Justice Department.
  • In April, the FBI announced it was leading a probe into a cluster of dead and missing American scientists, several of whom had access to classified nuclear and aerospace research. The list has since grown to eleven, and the House Committee on Oversight and Government Reform has opened its own investigation.
  • And on the very same day the DHS smartphone audit dropped, a federal judge released on home detention a Pentagon contractor accused of feeding classified military information to a Washington Post reporter — the same case in which the FBI raided the journalist's home in January.

Whistleblower complaints locked in safes. Scientists vanishing. Contractors walking classified information out the door. And now, an internal audit confirming that the Office of Intelligence and Analysis can't tell you what apps are on its own phones.

Silhouette of a federal official holding a smartphone with a red warning glow in a dimly lit corridor

What they're not telling you

The polite version of this story — the one you'll get from the wire services — is that DHS had a "compliance gap" and is "taking steps to address it." That framing assumes the people you're trusting with the surveillance state's most sensitive tools are at least competent at securing their own equipment.

The IG report says they aren't. And it leaves three questions deliberately unanswered:

  1. Whose adversary apps? The IG flagged apps "associated with foreign adversaries" — but did not name them publicly. The unredacted version is presumably on the classified side. The public version is a blank.
  2. How long? The audit is a snapshot. There is no public timeline indicating how many years I&A staff have been carrying these phones with this configuration. If the answer is "since the last administration," then a generation of intelligence reports may have been drafted on compromised hardware.
  3. Why a 21-month fix? Wiping a fleet of mobile devices and reinstalling a hardened mobile-device-management profile is, in the corporate world, a weekend project. January 2027 is not a remediation deadline. It is a hope that everyone has stopped paying attention by then.

None of this proves a coverup. None of it has to. The point of a surveillance state is that it surveils — and the moment it can't even surveil itself, every assurance you've been given about how carefully your data is handled deserves to be revisited.

They tell us the watchers are professionals. The IG just told us they're running TikTok on the briefcase.

Sources