Update, Jan. 25: A profile of Donald Trump in the New York Times has confirmed the President still uses "his old, unsecured Android phone, to the protests of some of his aides." According to the report, Trump likes to watch television at night, and often uses his phone to tweet reactions at news programs.
It's impossible to overstate the inseparability of Donald Trump and his Android phone. The 70 year-old doesn't email, and once said that "computers have complicated lives very greatly." But for someone who doesn't really get how the internet works, Trump has disproportionately relied on his phone to communicate with the outside world, primarily through Twitter.
So when it came time for Trump to surrender his Android for a government-sanctioned device, he was allegedly, yet predictably, unhappy. The headlines swiftly poured in. Some outlets likened the physical transfer of power to a child having their favorite toy taken away.
"Donald Trump trades in his Android for a 'secure' device." "Security concerns force President Trump to ditch his Android phone." "The Secret Service is taking away Trump's beloved Android smartphone."
Before his inauguration, sources close to Trump's transition team told the New York Times he had relinquished his phone for a "secure, encrypted device approved by the Secret Service."
In addition to getting a new number, Trump was likely given a device with extremely minimal functionality. When President Obama fought and succeeded to keep his BlackBerry phone, for example, he received one stripped of unnecessary utilities, and without recording capability. The exact specs of Obama's phone, however, were kept a secret by the NSA.
"Ideally he'd be minimizing the use of the personal device to ensure that the majority of his activity is conducted on the secured device, which if it's anything like Obama's phone, would be unable to send texts/emails or make unsecured calls on commercial networks," Chris Eng, vice president of research at Veracode and a former engineer at the NSA, told me over email.
It's unclear whether Trump has actually stopped using his phone, or whether it was indeed modified for security purposes. Part of this confusion stems from the fact that we don't know what type of phone he was asked to replace his Android with. Toward the end of his time in office, Obama was allowed to use a pared down iPhone.
Today, Trump tweeted a photo that appears to show the reflection of an iPhone 6 or 7. It's impossible to tell whether the hands belong to Trump, so this doesn't confirm that he's actually switched phones.
What we do know is on the morning of his inauguration, Trump tweeted from an Android. The day after being sworn-in as President, Trump also tweeted from an Android. And yesterday, Trump again tweeted from an Android.
Last year, White House Press Secretary Sean Spicer told WPRI that Trump's social media usage "is going to be something that's never been seen before." Spicer's later admission that he's not forewarned about Trump's tweets offers a glimpse at how digital operations are run in this administration.
Given Trump's noted disregard for decorum, is it possible that he's still using an vulnerable device? If so, what's the worst that could happen?
"If he's just using the personal phone for Twitter and nothing else, assuming the phone was first wiped clean of anything that was stored on it previously, then there'd be no direct risk posed to sensitive or classified government data," Eng said.
When asked to confirm reports that Trump had begun using a secure phone for his communications, the President's press team did not respond to a request for comment.
"However, if he could be tricked into installing malware on the personal phone, that malware could then do any number of things, such as capturing microphone audio or leaking GPS coordinates. For all we know, however, the Secret Service may have taken some additional steps to disable functionality on the personal phone as well," Eng added, and warned that everything is speculation at this point.
Earlier this month, BuzzFeed News pointed out that Trump's personal Twitter account is a ticking timebomb. If we can infer anything from Trump's reckless tweeting, it's that OPSEC isn't up there on his list of priorities. Is Trump foolish enough to click on a malicious link in DM? Which third-party apps has he enabled on his personal account? Does he even have two-factor authentication enabled?
Surprisingly, there's no evidence to suggest that @POTUS and @realDonaldTrump are equipped with extra security layers. At most, sources told BuzzFeed News, the presidential accounts have two-factor authentication and strict protocols enforced on the user side of things.
Twitter did not respond to questions about special security features that might exist for Trump's accounts.
Strangely enough, presidential law has been slow to catch up with the pace of technology. There doesn't seem to be anything legally compelling Trump to hand over his personal device, only historical precedent from former administrations. Before taking office, President George W. Bush turned in his personal phone, according to Eng. Bush also famously put an end to email correspondence with friends in a farewell letter.
Even the Presidential Records Act of 1978—which "requires the preservation of records created or received by the President or his staff"—has barely eked out guidelines around digital communications. (Trump drew attention to the Act this weekend when he deleted a misspelled tweet, potentially violating the law.)
As with many aspects of Trump's presidency, the answers to these question will likely be answered in time, and on his terms. Who knows, maybe we'll find out on Twitter.