New York Attorney General Asks Apple and Google to Vet Third-Party Contact Tracing Apps - MacRumors
Skip to Content

New York Attorney General Asks Apple and Google to Vet Third-Party Contact Tracing Apps

by

Apple and Google have been asked by New York's Attorney General to do more to prevent sensitive health data from being collected by third-party contact tracing apps.

exposure notification cartoon
According to Business Insider, AG Letitia James sent letters to both companies and urged them to impose tighter restrictions on the apps if they are to be available in their app stores, following concerns that some of the apps have not been properly vetted.

"As businesses open back up and Americans venture outdoors, technology can be an invaluable tool in helping us battle the coronavirus," said Attorney General James. "But some companies may seek to take advantage of consumers and use personal information to advertise, mine data, and unethically profit off this pandemic. Both Apple and Google can be invaluable partners in weeding out these bad actors and ensuring consumers are not taken advantage of by those seeking to capitalize on the fear around this public health crisis."

James noted that the privacy-centric exposure notification technology that Apple and Google developed isn't being used by all contact tracing apps. As such, she is urging the two companies to commit to greater oversight by only allowing apps affiliated with federal or state public health agencies to collect personal health data.

The hope is that by prohibiting third-party contact tracing apps from collecting personal data, it won't be used for targeted advertising or for identifying anonymous users.

James wrote that third-party apps should be required to delete personal health information on a rolling 14-day basis, and that the companies' respective app stores should disclose which apps were launched by governments and which are made by private developers.

"Consumers should always check with the Apple App Store or Android Play Store for information on what entity operates the app and whether the app collects geolocation information or other data," cautioned James.

According to the report, Apple and Google have until June 19 to acknowledge the Attorney General's letter.

Tags: COVID-19 Coronavirus Guide, Exposure Notification Guide

Top Rated Comments

R
Ritsuka
76 months ago

Apple should have never gotten into this absolute BS.

Now they have to live with it.

Actually what Apple needs to do is to allow alternative app stores. Remove stupid tracking hooks from iOS - idiots who want to contact trace everyone can then install apps that do it, and normal people can then ignore it.

Since when was Apple a company that tracks and traces its customers anyway? They spent decades building up a reputation for privacy just to throw it all away over the flu? 🤦‍♂️
Did you even spend two seconds to check how Apple and Google contact tracing works? First, it's totally local, nothing is sent to a server, and an app developer can't change the way it works. Second, an app needs a special entitlement to use it, and Apple gives it to only one per country, so there is no way for a third-party developer to use it (and use it for what, to store the contacts locally in a way they can't even be read back?). Third, it needs an actual app installed to work, so if you don't install anything it won't magically start to locally track contacts in a way no one will be able to read.

Plus on iOS Apple contact tracing API is the only way to track bluetooth contacts in background.

I would worry more about your cellphone carrier selling your phone location to everyone that asks in the USA, or people posting photos with GPS info…
Score: 19 Votes (Like | Disagree)
phenste Avatar
phenste
76 months ago

Yeah Apple totally cares about your privacy: this after opening just 3 Apps in one minute:

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)

Attachment Image
Score: 6 Votes (Like | Disagree)
Tekguy0 Avatar
Tekguy0
76 months ago

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)
I think Apple is within their bounds to restrict this, but they chose not to. A rule for apps for iOS 14 could be that you must use a new, built-in analytics kit, and that all third-party analytics and tracking networks (including for ads) are no longer allowed. Seeing scorecard research in that screenshot is especially scary, since it collects browsing data.
Score: 4 Votes (Like | Disagree)
R
Ritsuka
76 months ago

Except, Apple built this right into iOS 13.5 and beyond. So if a customer want to choose not to have the tracing, their option would be stay on iOS 13.4.1, unfortunately.
That's not it works. For the bluetooth contact tracing to work you have to manually install one of the few apps (one per country) available, and manually enable it. And even when enabled, the contact list is stored locally on your iPhone, and no one will be able to access it, and the contacts are stored as alphanumeric identifier, and each phone identifier changes after 15 minutes or so, so it's completely useless for everything else.
Score: 3 Votes (Like | Disagree)
D
Dainin
76 months ago

I don't think the answer is going federal — keeping it local/state has many benefits and allows the opportunity to phase out per region. The issue is using a proper back end and one with a high level of data security and most important (I feel) I trust Apple/Google more than I do the government at the moment that this centralized hashed data will be dumped and not leveraged at a later date.
That is the great thing about the API, the hashes are completely worthless to keep and stored only on your phone. I do not support a centralized app that does not use the Apple/Google API.

The problem is only a few states are actually using the API, most are using draconian tracking and identity information. On top of that, even if I did use my states app (which I will not unless they use the API) it is worthless if I travel. I will get no notification if I drive across State lines or someone else drives through using a contact tracing app.
Score: 2 Votes (Like | Disagree)
I7guy Avatar
I7guy
76 months ago

I think Apple is within their bounds to restrict this, but they chose not to. A rule for apps for iOS 14 could be that you must use a new, built-in analytics kit, and that all third-party analytics and tracking networks (including for ads) are no longer allowed. Seeing scorecard research in that screenshot is especially scary, since it collects browsing data.
How is apple supposed to know. Let's say all this naughty stuff is done on the hosting web server instead? I believe the way Apple views this, is you and the developer have an agreement. However, the app the developer puts into the store has to meet Apples guidelines...but once your data leaves the iphone, you have to trust the app developer is adhering to their privacy policy.
Score: 2 Votes (Like | Disagree)
Read All Comments