Privacy concerns raised over contact tracing app on Android phones

Privacy concerns raised over contact tracing app on Android phones

Computing experts have raised serious privacy and data harvesting concerns relating to Google software running on the phones of all Android smartphone users who want to use Ireland’s COVID-19 contact tracing app.

Professor Douglas Leith, chair of computing systems at Trinity College Dublin, and his colleague Dr Stephen Farrell have said that software which is preinstalled on most Android phones leads to significant data collection.

The software in question, “Google Play Services”, can be disabled by users but must be enabled in order to use the COVID-19 contact tracing app.

The data shared with Google servers by the software reportedly includes long-term, unchangeable identifiers of the phone users, including their phone’s IP address, WiFi MAC address, International Mobile Equipment Identity (IMEI) number, SIM serial number, phone number and Gmail address, as well as fine-grained data from other, potentially sensitive apps, such as banking, dating or health apps.

The two scientists said they made the discovery while examining the privacy of the Google/Apple Exposure Notification (GAEN) service, the technology which allows public health contact-tracing apps, including that of the HSE, operate across both Android phones and iPhones.

“This is extremely troubling from a privacy viewpoint, and of course it goes way beyond the HSE contact tracing app,” Professor Leith said.

“But given that governments and public health authorities are strongly encouraging their entire populations to use these apps, and hence are (wittingly or not) pressurising their entire populations to take part in this corporate surveillance, we think they should be telling Google to immediately fix this problem. This level of intrusiveness is simply incompatible with a recommendation for population-wide usage.”

Elizabeth Farries, director of the information rights programme at the Irish Council for Civil Liberties (ICCL), said: “The HSE has been celebrated in Ireland and beyond for its transparent approach to developing the COVID tracker app.

“However, Google Play Services represent a significant component of the app which is completely opaque – to users and the HSE themselves. Most people, even app developers, are unaware of this level of invasiveness.

“Without the independent research of these TCD scientists members of the public would not have known that Google is capturing via dragnet significant personal information of all Android app users – with or without the Covid Tracker app.”

ICCL flagged concerns about transparency surrounding Google and Apple’s involvement in the HSE app in person with the previous Minister for Health.

In its submission to the COVID-19 Oireachtas Committee, it called on the government to “push for international companies such as Apple and Google to be completely transparent about how their COVID tracking software works”.

Share icon
Share this article: