New York Attorney General Asks Apple and Google to Vet Third-Party Contact Tracing Apps

by

Apple and Google have been asked by New York's Attorney General to do more to prevent sensitive health data from being collected by third-party contact tracing apps.

exposure notification cartoon
According to Business Insider, AG Letitia James sent letters to both companies and urged them to impose tighter restrictions on the apps if they are to be available in their app stores, following concerns that some of the apps have not been properly vetted.

"As businesses open back up and Americans venture outdoors, technology can be an invaluable tool in helping us battle the coronavirus," said Attorney General James. "But some companies may seek to take advantage of consumers and use personal information to advertise, mine data, and unethically profit off this pandemic. Both Apple and Google can be invaluable partners in weeding out these bad actors and ensuring consumers are not taken advantage of by those seeking to capitalize on the fear around this public health crisis."

James noted that the privacy-centric exposure notification technology that Apple and Google developed isn't being used by all contact tracing apps. As such, she is urging the two companies to commit to greater oversight by only allowing apps affiliated with federal or state public health agencies to collect personal health data.

The hope is that by prohibiting third-party contact tracing apps from collecting personal data, it won't be used for targeted advertising or for identifying anonymous users.

James wrote that third-party apps should be required to delete personal health information on a rolling 14-day basis, and that the companies' respective app stores should disclose which apps were launched by governments and which are made by private developers.

"Consumers should always check with the Apple App Store or Android Play Store for information on what entity operates the app and whether the app collects geolocation information or other data," cautioned James.

According to the report, Apple and Google have until June 19 to acknowledge the Attorney General's letter.

Tags: COVID-19 Coronavirus Guide, Exposure Notification Guide

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article82 comments

Top Rated Comments

Ritsuka Avatar
Ritsuka
54 months ago

Apple should have never gotten into this absolute BS.

Now they have to live with it.

Actually what Apple needs to do is to allow alternative app stores. Remove stupid tracking hooks from iOS - idiots who want to contact trace everyone can then install apps that do it, and normal people can then ignore it.

Since when was Apple a company that tracks and traces its customers anyway? They spent decades building up a reputation for privacy just to throw it all away over the flu? ?‍♂️
Did you even spend two seconds to check how Apple and Google contact tracing works? First, it's totally local, nothing is sent to a server, and an app developer can't change the way it works. Second, an app needs a special entitlement to use it, and Apple gives it to only one per country, so there is no way for a third-party developer to use it (and use it for what, to store the contacts locally in a way they can't even be read back?). Third, it needs an actual app installed to work, so if you don't install anything it won't magically start to locally track contacts in a way no one will be able to read.

Plus on iOS Apple contact tracing API is the only way to track bluetooth contacts in background.

I would worry more about your cellphone carrier selling your phone location to everyone that asks in the USA, or people posting photos with GPS info…
Score: 19 Votes (Like | Disagree)
phenste Avatar
phenste
54 months ago

Yeah Apple totally cares about your privacy: this after opening just 3 Apps in one minute:

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)

Attachment Image
Score: 6 Votes (Like | Disagree)
Tekguy0 Avatar
Tekguy0
54 months ago

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)
I think Apple is within their bounds to restrict this, but they chose not to. A rule for apps for iOS 14 could be that you must use a new, built-in analytics kit, and that all third-party analytics and tracking networks (including for ads) are no longer allowed. Seeing scorecard research in that screenshot is especially scary, since it collects browsing data.
Score: 4 Votes (Like | Disagree)
Ritsuka Avatar
Ritsuka
54 months ago

Except, Apple built this right into iOS 13.5 and beyond. So if a customer want to choose not to have the tracing, their option would be stay on iOS 13.4.1, unfortunately.
That's not it works. For the bluetooth contact tracing to work you have to manually install one of the few apps (one per country) available, and manually enable it. And even when enabled, the contact list is stored locally on your iPhone, and no one will be able to access it, and the contacts are stored as alphanumeric identifier, and each phone identifier changes after 15 minutes or so, so it's completely useless for everything else.
Score: 3 Votes (Like | Disagree)
itsmilo Avatar
itsmilo
54 months ago
All this tracking spyware that is part of basically any app should be illegal or at least easy to be disabled manually.

when I see all the outgoing ad connections that apps try to send makes me cringe.
Score: 2 Votes (Like | Disagree)
Dainin Avatar
Dainin
54 months ago

I don't think the answer is going federal — keeping it local/state has many benefits and allows the opportunity to phase out per region. The issue is using a proper back end and one with a high level of data security and most important (I feel) I trust Apple/Google more than I do the government at the moment that this centralized hashed data will be dumped and not leveraged at a later date.
That is the great thing about the API, the hashes are completely worthless to keep and stored only on your phone. I do not support a centralized app that does not use the Apple/Google API.

The problem is only a few states are actually using the API, most are using draconian tracking and identity information. On top of that, even if I did use my states app (which I will not unless they use the API) it is worthless if I travel. I will get no notification if I drive across State lines or someone else drives through using a contact tracing app.
Score: 2 Votes (Like | Disagree)
Read All Comments