Skip to content

ZURICH, SWITZERLAND - 21 January 2026: U.S. Secret Service agents wait for U.S. President Donald Trump to step out of Air Force One on the tarmac at the Zurich Airport as he travels to the World Economic Forum in Zurich, Switzerland. (Photo by Chip Somodevilla/Getty Images)

Secret Service Personal Mobile Device Use Leaves Operations at Risk, Report Says

By Claire Meyer
29 June 2026

Today in Security

The U.S. Secret Service conducts some of the most sensitive and high-stakes protective operations in the world, but agents’ use of their personal mobile devices potentially put those missions at risk, according to a new report from the U.S. Department of Homeland Security (DHS) Office of Inspector General (OIG).

Secret Service agents are provided government-furnished cellphones and tablets with preapproved mobile apps, access to Secret Service systems and resources, mobile hotspot connectivity, and the typical voice, video, text and email communication. Those devices—managed by the Secret Service’s Office of the Chief Information Officer (OCIO)—are centrally managed using a mobile device management system that enforces security policies and seeks to ensure devices remain secure.

However, agents sometimes rely on their personal mobile devices for mission operations, especially when the government-provided devices fall short, such as during international travel or when trying to text images or video of a suspicious individual during a high-stakes event. The OIG report, Secret Service’s Deficient Mobile Device Management Increased the Risk to Protectees and Sensitive Information, found that the official devices did not always fully meet employees’ operational needs, “leaving employees without essential capabilities such that they resorted to using personal devices.”

While the report noted that these vulnerabilities have not been linked to any specific attacks, it stressed that they created avoidable vulnerabilities that could place operations—and principals—at risk.

Jonathan Wackrow, a former Secret Service agent and current managing director at Sentinel Resource Group and a frequent security and law enforcement analyst on CNN, tells Security Management that, “Whenever there is a violation of policy, organizations must look beyond the violation and ask why the workaround became a necessity in the first place. In this case, it is about understanding why officers and agents, given all the training and known threats, used personal or non-sanctioned devices.

“Were there delayed technology requests, or do approved tools meet the real operational pressure,” he asks. “For any organization, government or private, the key issue is not simply, ‘Why did agents violate policy?’ It is, ‘What capability gap made the violation feel necessary?’”

DHS policy prohibits the use of personal devices without prior approval, and Secret Service policy prohibits employees from carrying personal mobile devices while on duty during a protective or investigative operational assignment.

Personal device use has caused trouble for protective details before. Last year, researchers were able to track Sweden’s royal family and prime minister through their bodyguards’ and executive protection (EP) agents’ use of fitness app Strava. The data revealed politicians’ travel, private meetings, and private residence locations, potentially compromising operational safety.

The OIG report found that Secret Service employees used personal mobile devices for missions abroad because the official mobile devices lacked mobile messaging capabilities outside the United States—capabilities agents needed to communicate with stakeholders, law enforcement partners, and colleagues. Employees also used their personal devices to access websites that were blocked on their government devices but were necessary for principal safety, such as researching restaurants where a protectee was scheduled to dine.

Of the 24 individuals interviewed, 23 reported relying on personal devices, including during nearly every foreign assignment. While this stopgap measure enabled agents to carry out their mission in the moment, communicating using unsecured devices increases risk to protectees and employees.

“Secret Service employees and their personal devices are attractive targets for both foreign and domestic adversaries,” the report said. “If an adversary gains access to an employee’s personal mobile device or intercepts its communications, they could obtain mission-related data, including contacts, user history, geolocation, and photos. Such access could also reveal sensitive personal information, such as home addresses and family members’ identities. Adversaries could use this information to plan attacks against protectees or Secret Service employees. Use of personal devices also posed records retention challenges.”

The report found that agents’ official devices were heavily restricted by default, and if an agent identified the need for a new app or functionality, he or she would need to submit the request through the Secret Service OCIO service portal. Approval and deployment could take years, and most agents resorted to using their own personal devices instead of using proper channels for technology requests, especially when operational needs were pressing.

“Culture is critical,” Wackrow says. “When people believe the approved path will not work, they build an unofficial path. That is where risk starts to compound.

“Workaround behavior becomes normalized when the tools needed to meet operational demands are routinely delayed or denied,” he continues. “It forces the creation of a shadow operating system: personal phones, informal apps, and insecure communications.”

But the government-furnished devices weren’t infallible either. The report found that official mobile devices lacked adequate cybersecurity controls and that they were not routinely wiped after international travel, as per OCIO policy. One employee interviewed by OIG for the report had been on 20 international trips, including travel to high-risk countries, in eight years and their phone had never been wiped. Plus, some apps that OCIO deployed to agents’ official phones, including a third-party messaging system, contained vulnerabilities.

The Secret Service agreed with all of the OIG report’s recommendations, including outreach strategies about personal device risks, improving cybersecurity training, and routinely evaluating mobile device capabilities to ensure mission functions can be conducted securely.

The report carries lessons for private security teams, too, especially those with EP responsibilities.

“The lesson for corporate security is simple and direct: Secure tools must be usable tools,” Wackrow says. “In executive protection, teams need to communicate quickly with principals, local law enforcement, security vendors, drivers, hotels, aircraft teams, and family offices. If the official platform does not support that reality, people will use whatever works in the moment.

“The OIG report is a reminder to regularly test communications systems under real conditions—international travel, multiagency or vendor coordination, etc.—to ensure that no condition exists that would force a bad decision to meet operational demands.”

 

Focus on Agentic AI

What is Agentic AI?

How to Use AI Responsibly to Prevent SOC Analyst Burnout

3 Non-Negotiables for CISOs in the Agentic Era

Risk vs. Reward: What Security Leaders Need to Know When Using Agentic AI

Defending Against Online Fraud in the Age of Agentic AI

Best of Security Management

The Other Side of the Looking Glass: Providing Security for Marches and Rallies

Is Your Workplace Toxic? Here's What You Need to Do

Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

What to Add to a Rules of Engagement Document

What is Agentic AI?

How to Make a Weapon Selection When Arming Your Security Team
arrow_upward