FEMA App — Federal Emergency Management Agency

⚠️ The bottom line

2.3 million disaster survivors' addresses and bank details shared with a contractor without adequate protections. Your house was destroyed by a hurricane. You applied for help. FEMA shared your data with a contractor and potentially with ICE. People fleeing floods and fires had to choose between asking for help and being deported. $1 billion in fraudulent FEMA payments after Katrina. Millions more after COVID. People used stolen identities to claim disaster relief, funeral assistance, and housing aid. The app that asks for your Social Security number to help you after a disaster couldn't tell the difference between you and someone using your stolen data.

Legal jurisdiction

🇺🇸 United States (headquarters)

⚠CLOUD Act read more →

US govt can demand your data from this company even if stored overseas

⚠FISA §702 / PRISM read more →

NSA collects stored emails, photos, messages without individual warrants

●Geofence warrants read more →

Police can demand location data for everyone near a crime scene

Spying

0/4 N/A

Is someone spying on me?

Data Sharing

2/4 MODERATE

Who gets my data?

Security

2/4 MODERATE

Is it actually secure?

Honesty

0/4 N/A

Can I trust what they say?

3Contradictions

1Critical

1High

1Medium

3Sources

Findings by concern

Data Sharing 2/4 MODERATE 1 finding

⚠️ criticalprivacy policy vs regulatory

What they claim: FEMA states disaster assistance data is protected and used for relief purposes

What we found: In 2019, the DHS Inspector General found FEMA had shared personal data of 2.3 million disaster survivors with a contractor without adequate privacy protections. The data included home addresses and bank account information. Separately, immigrant advocacy groups documented cases where FEMA data sharing with other DHS agencies led to ICE enforcement actions against undocumented disaster survivors.

Security 2/4 MODERATE 2 findings

⚡ highmarketing vs regulatory

$1 billion in fraudulent FEMA payments after Katrina. Millions more after COVID. People used stolen identities to claim disaster relief, funeral assistance, and housing aid. The app that asks for your Social Security number to help you after a disaster couldn't tell the difference between you and someone using your stolen data.

What they claim: FEMA app enables streamlined disaster relief applications with identity verification

What we found: GAO investigations found widespread fraud in FEMA disaster relief programs. After Hurricane Katrina, the GAO documented $1 billion in improper and fraudulent payments. After COVID-19, FEMA's funeral assistance program was exploited for millions in fraudulent claims using stolen personal data. The identity verification in the FEMA app failed to prevent mass fraud.

⚫ mediumprivacy policy vs app permissions

During a wildfire evacuation, the FEMA app tracks where you go, where you shelter, and when you come back. That movement profile — refugee route, shelter location, return date — sits in third-party analytics servers. Your worst day, mapped in detail, available to whoever buys the data.

What they claim: FEMA app collects location data to provide relevant local emergency alerts

What we found: The FEMA app requests persistent location access, even when not in use. Privacy researchers noted the app's third-party analytics SDKs could transmit location data to advertising networks. During disasters, this creates a detailed movement profile of evacuees — showing where they fled, where they sheltered, and when they returned — data that could be exploited by insurers, landlords, or law enforcement.

Sources

DHS IG: FEMA shared disaster survivors personal information(link unavailable) (2019-03-15)
GAO: Hurricanes Katrina and Rita — improper and potentially fraudulent payments (2006-06-14)
EFF: What the FEMA app knows about you(link unavailable) (2019-09-15)