Popular Articles
Today Week Month Year


Google sued over coronavirus contact tracing apps that may expose users to data breach
By Virgilio Marin // Apr 30, 2021

Google is being sued over a security flaw in Wuhan coronavirus (COVID-19) contact tracing apps that use a key technology it co-developed with Apple. The lawsuit alleges that the security flaw exposes Android users' personal information to scores of third parties.

Brighteon.TV

Plaintiffs Jonathan Diaz and Lewis Bornmann filed the class-action lawsuit on April 27, Tuesday, in California federal court. The pair argued that Google's implementation of the technology, which is known as the Google-Apple Exposure Notifications (GAEN) system, violated the California Confidentiality of Medical Information Act, as well as the state's common law and constitutional privacy rights.

The two tech giants rolled out the system last year to assist public health authorities in tracking the spread of COVID-19. GAEN acted as a framework for authorities to build their contact tracing apps.

It works by generating a unique identifier for each Android or Apple device and then transmitting these via Bluetooth to other nearby devices. Apps that use the system can then notify users if they came in close contact with a user who tested positive for the virus.

Google assured that it put protections in place to safeguard sensitive data. In particular, they said that the personal device identifiers change periodically as they were broadcast to other devices and should only be traceable to the user with a "key" held by public health authorities.

But the suit claimed that the tech giant undermined these protections by allowing Android users' personal and medical information to be stored on a device's system logs, which dozens to hundreds of third parties could access. (Related: Amazon’s new Key device already hacked by security researchers, highlighting security flaws.)

The case also argued that Google did not notify affected users even after it became aware of the vulnerability.

"To date, Google has failed to inform the public that participants in GAEN have had their private personal and medical information exposed to third parties, who in the ordinary course of business may access the system logs from time to time, or that Google itself may access these logs," the suit read.

Apple was not named in the suit and there was no indication that Apple users' personal information could be exposed.

Class-action lawsuit seeks to represent users affected by data breach

Dozens of states have adopted the technology, including California, New York, Michigan, Virginia, Utah and Pennsylvania. According to the lawsuit, more than 28 million people in the United States downloaded contact tracing apps that use GAENS. California's version of app, which is called CA Notify, was installed in a million Android devices and around 8.5 million Apple devices.

The plaintiffs sought to represent a nationwide class of Android users who activated a contract tracing app that use GAEN, as well as a separate subclass comprised of California residents. In their suit, the pair demanded that Google fix the security flaw and pay damages.

Google spokesperson Jose Castaneda said in response to the lawsuit that GAEN uses "privacy preserving technology" and that neither Google, Apple nor other users can use the system to identify individuals. He added that the matching happens only on devices.

"These Bluetooth identifiers do not reveal a user's location or provide any other identifying information and we have no indication that they were used inappropriately, nor that any app was even aware of this," Castaneda told Law360.

But the spokesperson also said that the tech giant was patching an issue: "We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some preinstalled applications for debugging purposes … We reviewed the issue, considered mitigations, updated the code and are ensuring the fix is rolled out to users."

Follow PrivacyWatch.news to learn more about how contact tracing apps and other related technologies leave users vulnerable to data theft.

Sources include:

DailyMail.co.uk

Law360.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.