Skip to main content

North Dakota’s COVID-19 app is sharing user data with Foursquare and Google

North Dakota’s contact-tracing digital solution has been violating its privacy policy by sharing sensitive user data with third-parties, smartphone privacy company Jumbo Privacy found in an investigation. The state’s Care19 app, which is one of the first contact-tracing apps to debut in the United States, is covertly transmitting location information to the search and discovery platform, Foursquare, and the phone’s unique Advertising ID to Google.

In addition, the anonymous code that the app assigns to individuals and is exchanged with phones it comes in contact with to notify them when they’re exposed to an infected person is sent to Foursquare and Bugfender, a Barcelona-based diagnostics software maker.

Care19 is developed by ProudCrowd, a company that’s also responsible for the state’s location-based social networking service. As per the app’s official website, it “anonymously caches the individual’s locations throughout the day” and only stores information of places “a person visits for 10 minutes or more.”

While the rest of the data that’s being shared like the Advertising ID may seem harmless, it can prove rather detrimental to your privacy. This information is unique to you and is available to nearly every app installed on your phone. That enables advertising platforms such as Google to track you across various third-party services and is a common loophole tech companies take advantage of to snoop on your digital activities.

The Care19 privacy policy says that the “location data is private to you and is stored securely on ProudCrowd, LLC servers” and it will not be “shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.”

In a statement to FastCompany, ProudCrowd, and Jennifer Skjod, a public information officer for North Dakota confirmed the presence of these entities.

While the location data is transmitted to facilitate Foursquare’s services which are used to determine businesses nearby to your location, the random ID wasn’t supposed to be shared and the company plans to remove it. “Foursquare does not allow them to collect Care19 data or use it in any form,” it added. On top of that, Care19 users will soon have the option to opt-out of Bugfender’s diagnostic data collection.

ProudCrowd founder Tim Brookins also told FastCompany that it will be updating the app’s privacy policy to explicitly “call this out in some additional detail and also name the third party (Google Firebase).”

Privacy is one of the fundamental concerns experts have raised against contact-tracing apps and warned that proactive data collection can lead to incidents such as these. Interestingly, North Dakota is one of the first states to adopt Apple-Google’s contact-tracing tech. Since Google and Apple won’t officials to collect or store location data, the state says it plans to maintain two separate contact-tracing apps, Care19 Diary, which will keep tabs on a person’s location history, and Care19 Exposure, which will be based on the Apple-Google API to alert users of exposure through Bluetooth.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Off-Facebook Activity: How to control the private data apps and sites share with Facebook
mark zuckerberg deepfakes aspen ideas festival facebook hosts annual f8 developer conference in san jose

Facebook finally introduced a tool that allows you to control and limit the data that third-party apps and websites share with the social media giant -- a feature that should help improve Facebook's much-criticized stance on privacy.

While not quite the “Clear History” tool that CEO Mark Zuckerberg promised in 2018, the new Off-Facebook Activity tool should help you disable some of the ways that Facebook and advertisers track your activity around the web.

Read more
Google was sharing Android user location data with carriers worldwide
Android

Amid growing privacy concerns from the public and in line with its own privacy initiatives, Google quietly shut down a two-year-long data-sharing service it had with cellular carriers in April, Reuters reports.

Google’s “Mobile Network Insight Service” gave aggregated, anonymous data on the cellular signal strength and connection speeds relative to customer location. This map served as an important reference for carriers as about 75% of the world’s smartphones run Android.

Read more
Twitter sorry for mistakenly storing and sharing some users’ location data
#womenboycotttwitter

Twitter revealed on Tuesday, May 14 that it inadvertently collected location data from some of its users and shared it with an advertising partner. The bug has now been fixed.

The company declined to reveal how many people had been affected, and how long it had been collecting the data. The name of the partner was also withheld. It did, however, offer some details on the nature of the bug, as well as information on which users may have had their location data exposed.

Read more