What you need to know
- North Dakota's contact tracing app is sharing user data without their knowledge.
- Privacy company Jumbo reported that the app shares user location data.
- Data is being shared with Foursquare and Google.
North Dakota is one of the first states in the U.S. to release its own contact tracing app, Care19. While the app says that it does keep its user's information private, it appears that it may not be true. Jumbo, the creators of the Jumbo privacy app, has discovered some concerning data-sharing practices that its CEO shared in a blog post.
"Today, we are sharing our first privacy review about Care19, the contact tracing app made by the state of North Dakota (US). We hope that these findings will help the health agencies that are currently working on similar apps to make sure privacy is respected."
The first thing that the company found was that, while the app only stores data on the servers of the company who built the app, it is also sharing user location data with Foursquare.
The second thing that the company found was that the anonymous code that identifies you is was also being transmitted to Foursquare, as well as Bugdefender and Google.
"Third parties that we use (Foursquare, Google Firebase, and Bugfender) may have temporary access to aspects of your data for their specific data processing tasks. However, they will not collect this data in a form that allows themselves or others to access or otherwise use this data."
Apple and Google, in contrast, have just released their API for Exposure Notification that does not collect user location data and uses Bluetooth instead.