AUDIE CORNISH, HOST:

Donald Trump campaigned for months on the idea that Hillary Clinton's use of a private email server put national security at risk. Now cybersecurity experts are saying Trump's continued Twitter use possibly on an older phone raises its own set of security risks. NPR's Sam Sanders reports.

SAM SANDERS, BYLINE: We've known for some time that Donald Trump tweets a lot himself from the account @RealDonaldTrump on an Android smartphone. We also know that Trump's continued tweeting might not be so secure. Soon after Trump took the oath of office, a hacker found out that Trump's Twitter account was linked to a basic Gmail account which really isn't that secure.

That's since changed. And just a few days ago, The New York Times reported that Trump continues to tweet from an old, unsecured Android smartphone. Several cybersecurity experts I've spoken to say this is not good.

NICHOLAS WEAVER: Donald Trump for the longest time has been using a insecure Android phone that by all reports is so easy to compromise it would not meet the security requirements of a teenager.

SANDERS: That's Nicholas Weaver. He's with UC Berkeley's International Computer Science Institute, and he went even further. Weaver says if those reports are true...

WEAVER: We must assume that his phone has actively been compromised for a while, and a actively compromised phone is literally a listening device.

SANDERS: Half a dozen cyber experts told me it's possible for an unsecured Android to be compromised and the owner of that phone to not even know it at all. And even if President Trump only uses that Android to tweet, malware could still infiltrate the phone's camera or microphone or even tell hackers where Donald Trump is.

Melanie Teplinsky is a privacy expert at American University, and she says even without those worst-case scenarios, just hacking into Trump's Twitter account alone could wreak havoc.

MELANIE TEPLINSKY: Another concern is that someone tries to influence stock markets or politics through the use of a Twitter account by making false posts.

SANDERS: So I asked the White House a few questions. One - is Trump tweeting from a secured device? Two - are those reports of Trump using an old, unsecured Android true? And three - is the Trump administration following all the cybersecurity protocols it should?

I got no answers to these questions and no confirmation or denial of all those reports that say Trump is using an unsecured device. But Deputy White House Press Secretary Stephanie Grisham did tell me, quote, "we don't comment on security protocols of any kind." So what should we think?

WEAVER: He is too valuable to be on a smartphone at all.

SANDERS: That's Nicholas Weaver again. He says the president won't be really secure until he's using an entirely different kind of phone than you or I use.

WEAVER: To actually build a smartphone that is locked down sufficient that a high-value target such as the president of the United States can run cannot speak on the general internet. It has to basically cut itself off from the rest of the world to be secure.

SANDERS: But that might not happen. Bill Anderson is the CEO of a security firm called OptioLabs, and he says instead of telling Trump no when it comes to how he can tweet or what phone he can use, security staff should try to meet the tweeter in chief where he is.

BILL ANDERSON: I think the challenge is for the security people that are supporting White House communications to improve their capability to secure the platform. That platform could let him tweet and yet not be at risk. So they need to catch up with what you can actually do with technology, not just say no.

SANDERS: And maybe that's already happening. Maybe his phone and his tweets are secure. But if that is the case, President Trump has yet to let us know. Sam Sanders, NPR News.

(SOUNDBITE OF A TRIBE CALLED QUEST SONG, "ELECTRIC RELAXATION")

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.