Survey results that the new coronavirus infection tracking application is transmitting location information etc.
Jumbo Blog: Your privacy is everything to us
North Dakota's contact-tracing app shares location data
The issue has been pointed out to the official North Dakota COVID-19 tracking app, Care19 . According to a Jumbo Privacy survey, Care19 sends 'device location' to Foursquare , a major location data provider, 'advertising ID' to Foursquare and Google, and 'device name' to remote log collection service Bugfender . It became clear. Below is some of the information we are sending to Foursquare. The 'll' item is the device location information and the 'userinfo' is a random ID assigned by Care19.
The 'adid' has been sent to Foursuqare and Google. According to Junbo Privacy, the advertising ID is an identifier shared by all apps on the device, and it is often leaked along with personal information. In one example, the Facebook SDK, which is used in a large number of application and sends the ad ID on the server, personal information and advertising ID on Facebook
In addition, Care19 is sending 'device name' to Bugfender. If you look at the image below, you can see that the 'name' in the 'device' item contains the device name 'Jan's iPhone' and the device you are using. Users who use their own names or other names as device names are at risk of personal identification by leaking device names.
Similarly, the device-specific ID 'device ID' is also sent to Bugfender. In the image below you can see that the information being sent to Bugfender includes a 'device_id'.
Care19 will use the ' new coronavirus infection notification API ' developed by Apple and Google in a future update. Apple and Google's new Coronavirus Infectious Disease Contact Notification API prohibits tracking user location.
Prohibiting tracking of location information in apps that implement the `` new corona virus tracking system '' of Apple and Google-GIGAZINE