Contact-tracing apps are problematic, and that’s before they violate their own privacy policies.
The Care19 app, developed for the North Dakota Department of Health by developer ProudCrowd, was intended to assist health officials in their battle against coronavirus by logging users’ location data. In the process, according to a report released Thursday, it also sent users’ location data to Foursquare.
The findings, published by the makers of the privacy-focused app Jumbo, highlight the risks inherent in contact-tracing apps. When you have software designed to log your location, or your interactions with other people, and then share that data, you run the risk of said data ending up in unintended hands.
In the case of Care19, this is especially concerning, as the app’s privacy policy appears to explicitly prohibit what Jumbo says it observed.
“This location data is private to you and is stored securely on ProudCrowd, LLC servers,” reads the policy at the time of this writing. “It will not be shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.”
Foursquare, of course, is a third party.
Proof, according to Jumbo, that the app sends location data to Foursquare.
Image: jumbo / care19 app
“[Contact-tracing apps] do present unique privacy concerns,” Jumbo CEO Pierre Valade told Mashable over Twitter direct message. “Absolutely, we need to be vigilant.”
And what does the developer behind Care19, Tim Brookins, have to say about this?
“The Care19 application user interface clearly calls out the usage of Foursquare on our ‘Nearby Places’ screen, per the terms of our Foursquare agreement,” he explained over email to the Washington Post. “We will be working with our state partners to be more explicit in our privacy policy.”
In other words, Brookins appears to chalk this up to confusion, rather than any intentional effort to misrepresent his app. Confusing, however, is a bit of an understatement. Sharing users’ location data with a third party — in direct contrast to a promise made in the privacy policy — is a pretty colossal screw-up.
Foursquare, for its part, told the Washington Post that it discards the location data received via Care19 and does not monetize it. Even so, the mere fact that such data was being sent undermines users’ trust in contact-tracing apps and highlights the very real privacy concerns the apps present.
SEE ALSO: North Dakota launched a contact-tracing app. It’s not going well.
“We hope that these findings will help the health agencies that are currently working on similar apps to make sure privacy is respected,” writes Jumbo CEO Pierre Valade.
We hope so, too. For all our sakes.
As the world looks for every possible edge in its battle against the coronavirus, officials have naturally looked to technology for