At any point of the digital transition,…
The Android versions of Google and Apple’s COVID-19 disclosure warning applications have a privacy loophole that allows other pre-installed apps to see confidential details, like whether anyone has been checked for COVID-19, according to the privacy research firm AppCensus. Strong people have spoken with each other. Google responded by saying it was working on a patch as soon as it received the information.
This flaw goes against Google CEO Sundar Pichai’s, Apple CEO Tim Cook’s, and many public health officials’ assurances that the information gathered by the exposure warning service will not be exchanged outside of personal computers.
AppCensus first disclosed the problem to Google in February, according to The Markup, but the firm was unable to fix the problem. “Fixing the issue is as easy as deleting a few redundant lines of coding,” Joel Reardon, co-founder and head of forensics at AppCensus, told The Markup. “Obviously there is a very quick repair process,” Reardon said. “I am shocked they did not do this.”
In an email to The Markup, Google spokesperson José Castaeda said: “Bluetooth identifiers can be momentarily used for debugging purposes by particular system-level programs, according to an issue we learned about. We started rolling out a solution right away. To resolve this problem.”
The exposure warning system works by sending an anonymous Bluetooth signal between the user’s cell phone and other phones that have triggered the system. If anyone tests positive for COVID-19 using the software, they will coordinate with the health department to deliver a warning to any phone that has the associated signal stored in its memory.
Tracking data is saved in the privileged device memory on Android phones, and much of the applications running on the handset is unavailable. The manufacturer’s pre-installed programs, on the other hand, have unique device permissions that give them access to these logs, placing confidential touch monitoring data at risk. However, no evidence exists that any program presently gathers this information.
Pre-installed apps have previously made use of their exclusive permissions. They also gather data such as geographic location information and cell phone contacts, according to polls, but the study report found no related issues with the iPhone’s exposure warning system.
In a tweet on Twitter, Serge Egelman, the chief technical officer of AppCensus, said that while this is an implementation problem rather than a bug in the exposure warning process, it does not undermine confidence in public health technology. The lesson we aim to convey is that dealing with privacy problems correctly is extremely difficult. The system’s flaws will still be revealed, so it is in everyone’s best interests to work together to fix them.