The analysis was published on Thursday, May 21st, by privacy software maker Jumbo. The review showcases that state officials and Apple, both of which were accountable for examining the application before it was pushed out on April 7th, were neglectful. Americans are particularly cautious of location and health information, and privacy abuse of any extent will hinder efforts to use smartphones both to contact-trace and to send exposure notifications.
Using Location-Tracking Companies
The states choose North Dakota app developer ProudCrowd to create Care19 for free, and the company has confirmed that information from its iPhone app is sent to Foursquare, a renowned location-data provider for other companies. Moreover, ProudCrowd reportedly said that the Google Android version of Care19 also uses Foursquare, but it does it in such a way that the data is hidden.
“Should this have been vetted? Yes. We are following up on that as we speak,” said Vern Dosch, the state of North Dakota’s contact-tracing facilitator. “We know that people are very sensitive.”
However, health officials in South Dakota did not reply to requests for comment. In the meantime, Apple stated that it was examining the report and that if it finds an app that doesn’t comply with the policy, it will make it right.
Health authorities are accelerating the development of coronavirus apps, often with very limited technical resources. They depend on commercial tracking entities and some obscure privacy protections, with the Care19 app as an upfront working to voluntarily collect citizen location data.
Falling Short of Promises
However, this is where Jumbo found the app falling short. Tracing the incoming data from the app, it discovered that Care19 sends information to Foursquare, such as citizens’ location, the advertising identifier, which is a unique code representing a particular smartphone, and the ‘citizen code’ generated by the app.
Care19’s developer, Tim Brookins of ProudCrowd, reported that the app uses a Foursquare service called Pilgrim SDK that adapts the location data as latitude and longitude into the names of places.
Jumbo CEO Pierre Valade said that Apple and Google have more definite rules for the new category of virus-tracking apps that users access to a smartphone’s Bluetooth signals to notify people that they may have been in contact with people who have COVID-19. The rules for these ‘exposure’ apps clearly state that they are now allowed to collect any location info or the user’s advertising identifier.