New York Attorney General Asks Apple and Google to Vet Third-Party Contact Tracing Apps

by

Apple and Google have been asked by New York's Attorney General to do more to prevent sensitive health data from being collected by third-party contact tracing apps.

exposure notification cartoon
According to Business Insider, AG Letitia James sent letters to both companies and urged them to impose tighter restrictions on the apps if they are to be available in their app stores, following concerns that some of the apps have not been properly vetted.

"As businesses open back up and Americans venture outdoors, technology can be an invaluable tool in helping us battle the coronavirus," said Attorney General James. "But some companies may seek to take advantage of consumers and use personal information to advertise, mine data, and unethically profit off this pandemic. Both Apple and Google can be invaluable partners in weeding out these bad actors and ensuring consumers are not taken advantage of by those seeking to capitalize on the fear around this public health crisis."

James noted that the privacy-centric exposure notification technology that Apple and Google developed isn't being used by all contact tracing apps. As such, she is urging the two companies to commit to greater oversight by only allowing apps affiliated with federal or state public health agencies to collect personal health data.

The hope is that by prohibiting third-party contact tracing apps from collecting personal data, it won't be used for targeted advertising or for identifying anonymous users.

James wrote that third-party apps should be required to delete personal health information on a rolling 14-day basis, and that the companies' respective app stores should disclose which apps were launched by governments and which are made by private developers.

"Consumers should always check with the Apple App Store or Android Play Store for information on what entity operates the app and whether the app collects geolocation information or other data," cautioned James.

According to the report, Apple and Google have until June 19 to acknowledge the Attorney General's letter.

Tags: COVID-19 Coronavirus Guide, Exposure Notification Guide

Popular Stories

iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
Read Full Article117 comments
airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Read Full Article95 comments
Magic Mouse Next to Keyboard

No, Apple CEO Tim Cook Didn't Say He Prefers Logitech's MX Master 3 Over the Magic Mouse

Sunday November 17, 2024 3:03 pm PST by
While the Logitech MX Master 3 is a terrific mouse for the Mac, reports claiming that Apple CEO Tim Cook prefers that mouse over the Magic Mouse are false. The Wall Street Journal last month published an interview with Cook, in which he said he uses every Apple product every day. Soon after, The Verge's Wes Davis attempted to replicate using every Apple product in a single day. During that...
Read Full Article327 comments
Generic iOS 18 Feature Real Mock

Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes

Tuesday November 19, 2024 10:10 am PST by
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
Read Full Article28 comments
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
Read Full Article89 comments
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Rumored to Surpass iPhone 6 as Thinnest iPhone Ever

Monday November 18, 2024 1:07 pm PST by
In a research note with Hong Kong-based investment bank Haitong today, obtained by MacRumors, Apple analyst Jeff Pu said he agrees with a recent rumor claiming that the so-called "iPhone 17 Air" will be around 6mm thick. "We agreed with the recent chatter of an 6mm thickness ultra-slim design of the iPhone 17 Slim model," he wrote. If that measurement proves to be accurate, there would be ...
Read Full Article155 comments
bug security vulnerability issue fix larry

Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities

Tuesday November 19, 2024 10:52 am PST by
The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices. With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted...
Read Full Article69 comments

Top Rated Comments

Ritsuka Avatar
Ritsuka
58 months ago

Apple should have never gotten into this absolute BS.

Now they have to live with it.

Actually what Apple needs to do is to allow alternative app stores. Remove stupid tracking hooks from iOS - idiots who want to contact trace everyone can then install apps that do it, and normal people can then ignore it.

Since when was Apple a company that tracks and traces its customers anyway? They spent decades building up a reputation for privacy just to throw it all away over the flu? ?‍♂️
Did you even spend two seconds to check how Apple and Google contact tracing works? First, it's totally local, nothing is sent to a server, and an app developer can't change the way it works. Second, an app needs a special entitlement to use it, and Apple gives it to only one per country, so there is no way for a third-party developer to use it (and use it for what, to store the contacts locally in a way they can't even be read back?). Third, it needs an actual app installed to work, so if you don't install anything it won't magically start to locally track contacts in a way no one will be able to read.

Plus on iOS Apple contact tracing API is the only way to track bluetooth contacts in background.

I would worry more about your cellphone carrier selling your phone location to everyone that asks in the USA, or people posting photos with GPS info…
Score: 19 Votes (Like | Disagree)
phenste Avatar
phenste
58 months ago

Yeah Apple totally cares about your privacy: this after opening just 3 Apps in one minute:

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)

Attachment Image
Score: 6 Votes (Like | Disagree)
Tekguy0 Avatar
Tekguy0
58 months ago

Forgive me, but—what is the point you mean to make here? I’m guessing (big guess) that these are ad trackers/analytics from third party apps. Those are not things Apple would be within their bounds to restrict; those are the exact ways some third-party companies make money outside the 30% ecosystem. (If I’m not mistaken. I’m asking these questions precisely because I am super ignorant to what the meaning of this message is.)
I think Apple is within their bounds to restrict this, but they chose not to. A rule for apps for iOS 14 could be that you must use a new, built-in analytics kit, and that all third-party analytics and tracking networks (including for ads) are no longer allowed. Seeing scorecard research in that screenshot is especially scary, since it collects browsing data.
Score: 4 Votes (Like | Disagree)
Ritsuka Avatar
Ritsuka
58 months ago

Except, Apple built this right into iOS 13.5 and beyond. So if a customer want to choose not to have the tracing, their option would be stay on iOS 13.4.1, unfortunately.
That's not it works. For the bluetooth contact tracing to work you have to manually install one of the few apps (one per country) available, and manually enable it. And even when enabled, the contact list is stored locally on your iPhone, and no one will be able to access it, and the contacts are stored as alphanumeric identifier, and each phone identifier changes after 15 minutes or so, so it's completely useless for everything else.
Score: 3 Votes (Like | Disagree)
itsmilo Avatar
itsmilo
58 months ago
All this tracking spyware that is part of basically any app should be illegal or at least easy to be disabled manually.

when I see all the outgoing ad connections that apps try to send makes me cringe.
Score: 2 Votes (Like | Disagree)
Dainin Avatar
Dainin
58 months ago

I don't think the answer is going federal — keeping it local/state has many benefits and allows the opportunity to phase out per region. The issue is using a proper back end and one with a high level of data security and most important (I feel) I trust Apple/Google more than I do the government at the moment that this centralized hashed data will be dumped and not leveraged at a later date.
That is the great thing about the API, the hashes are completely worthless to keep and stored only on your phone. I do not support a centralized app that does not use the Apple/Google API.

The problem is only a few states are actually using the API, most are using draconian tracking and identity information. On top of that, even if I did use my states app (which I will not unless they use the API) it is worthless if I travel. I will get no notification if I drive across State lines or someone else drives through using a contact tracing app.
Score: 2 Votes (Like | Disagree)
Read All Comments