Inside The Phone Habit That Left Secret Service Protectees Exposed
An interactive breakdown of how personal-phone use by agents created openings adversaries could have exploited, based on the Department of Homeland Security Inspector General’s audit.
A new audit from the Department of Homeland Security Office of Inspector General has found that the U.S. Secret Service did not properly secure and manage mobile devices used by its agents, including during protective missions guarding senior officials. Released this week, the report ties the gaps directly to a broader review of the July 13, 2024, attempted assassination of then-former President Donald Trump at a campaign rally in Butler, Pennsylvania, where the agency’s communications became a focus of scrutiny. For details on other recent technology disputes playing out in consumer markets, see this report on PlayStation Store lawsuits filed in multiple countries.
Trace The Risk Chain
Tap each step to see what investigators found
STEP 1 Agent skips government phone
Department of Homeland Security policy says agents may only use government-furnished phones for official business. But investigators found government devices frequently could not run certain communication apps or send some types of messages, pushing agents toward their own phones during real missions.
STEP 2 Personal device used instead
Agents used personal phones to talk with local law enforcement, foreign counterparts, and each other, especially overseas where government devices struggled to connect with local partners’ systems and apps.
STEP 3 Device sits outside government security
Once a personal phone is used for mission work, it sits entirely outside the Secret Service’s security controls. The agency cannot confirm the device is patched, free of malicious software, or running approved apps.
STEP 4 Sensitive data becomes exposed
Investigators say a compromised personal device could expose contacts, geolocation, photos, and mission details. Because agents protect senior officials, that exposure could extend to the locations and movements of protectees as well.
That trade-off was not abstract. Shortly before the July 13, 2024, assassination attempt in Butler, an agent used a personal phone to receive a photo from local law enforcement showing the man who would become the shooter, Thomas Matthew Crooks, after the agency’s own device proved unreliable for that purpose. Mobile coverage and equipment problems were among several factors investigators say slowed the response that day, alongside Crooks flying a drone over the rally site undetected and climbing onto a nearby rooftop minutes after being flagged to officers on the ground.
What The Audit Found, By The Numbers
Those figures come from call and text records the inspector general reviewed covering October 2022 through roughly mid-2025. Investigators also examined international travel vouchers and found 30 employees claiming reimbursement for using personal phones on official trips abroad; of 24 interviewed, 23 said they needed their own phone on nearly every foreign assignment. Beyond messaging, personal phones were also used as internet hotspots for government laptops and to reach websites blocked on official devices.
Three Separate Failure Points
Tap a category to see what investigators documented
Personal Devices โพ
Personal devices are not managed or secured by the Secret Service, so the agency cannot verify their software is current or free of malicious code. If a personal phone is jailbroken or running an outdated app, an adversary could intercept its communications, track its location, or pull contacts, photos, and geolocation history.
Using a personal phone for government work also runs against federal record-keeping rules that require official communications to be preserved.
Overseas Phones โพ
Government-issued phones used outside the United States lacked mobile threat defense software, which is meant to provide real-time protection against malware and cyberattacks. That software was not installed on any agency phones until August 2025, despite a department policy requiring it for overseas devices.
Phones were also not consistently wiped after international missions, even though agency policy requires this within 24 hours of returning to the United States. One employee said their phone had been wiped only four times in 15 trips over eight years.
App Vetting โพ
The Secret Service did not have a consistent process for testing software before it was deployed on agency phones. Investigators found vulnerable apps present on government-issued devices, raising the risk of malicious code reaching phones used on active protective missions.
One of the five recommendations calls for an updated vulnerability testing policy to be applied to all mobile app code before deployment.
How The Findings Connect To Butler
An attempted assassination of then-former President Trump in Butler, Pennsylvania, exposes communication failures, including agents and local officers relying on a mix of small group chats and separate radio channels.
The Inspector General’s review window for call logs, text records, and international travel vouchers tied to personal device use.
The Secret Service begins installing mobile threat defense software on government-issued phones, after the audit found none had it before this point.
The Department of Homeland Security Inspector General publishes its findings and five recommendations; the Secret Service concurs with all of them.
The danger investigators describe is not theoretical. The report cites a separate case in which a Mexican drug cartel hired a hacker who tracked a senior FBI official’s movements through Mexico City’s camera network and phone records, intelligence the cartel then used to identify and kill informants, according to a Justice Department inspector general report. Investigators say the same kind of exposure remains possible for Secret Service personnel until mobile device security overseas improves. The agency’s broader struggles with phone-based gaming and chat apps mirror concerns raised in other recent tech disputes, including Google’s adjustments to Play Store billing rules, where app oversight has also drawn regulatory attention.
Because the Secret Service does not manage or secure employees’ personal devices, communicating through these devices increased risks to protectees and employees.
โ Department of Homeland Security Office of Inspector General, June 2026 report
The Secret Service has pushed back on parts of the process behind the audit. Director Sean Curran wrote that the agency was not obligated to give the inspector general’s office direct access to its internal systems, citing concerns about exposing data outside the review’s scope, though the watchdog said this delayed its work by more than 130 days. On the substance of the findings, Curran said the agency has made “several comprehensive enhancements to Secret Service communications policies and protocols to both mitigate the potential for adversaries to intercept and exploit Secret Service information, as well as further strengthen the protective environment.” Phones issued to agents now carry approved commercial messaging platforms, including WhatsApp and Signal, according to an agency official.
Investigators also found the agency had not been consistently wiping phones after agents returned from international trips, despite a policy requiring this within 24 hours. One employee told the inspector general’s office their phone was wiped only four times across 15 international trips over eight years; another reported their device was never wiped at all over eight years and 20 trips, some to high-risk countries. Separately, the Secret Service had not begun installing mobile threat defense software, which guards against real-time cyberattacks, on any government-issued phones until August 2025.
The five recommendations call for a formal policy ensuring government phones carry the tools agents actually need for missions, mandatory completion of cybersecurity training, clearer internal messaging that personal devices are off-limits for official work, automatic wiping controls for phones returning from abroad, and an updated testing policy for vetting mobile app code before it reaches agency devices. The Secret Service agreed to all five. Coverage of other federal technology and device oversight matters is available in past reporting on device certification issues flagged by regulators and hardware rollout disputes in the tech sector.
The Department of Homeland Security Inspector General’s report covered Secret Service mobile device practices from October 2022 through 2025, focusing on personal phone use, overseas device security, and app vetting procedures. The audit was connected to the agency’s broader review following the July 2024 Butler rally incident. Five recommendations were issued and accepted by the Secret Service, covering device policy, employee training, internal communication, data wiping, and app testing. The report also referenced a separate Justice Department case involving a hacked FBI official’s phone in Mexico City as a comparison point for the risks described. The Secret Service’s response, including comments from Director Sean Curran, was included in the published findings. For ongoing coverage of related device and security stories, see this report on recent developments in consumer device launches.
