Covid app leaking personal data to Google, says Trinity researchers
Trinity College researchers say software required for the HSE’s Covid Tracker app amounts to “corporate surveillance”.
They and the Irish Council for Civil Liberties say it is concerning that the government are encouraging people to use the service without demanding more transparency about the data from Google and Apple.
Professor Douglas Leith and Dr Stephen Farrell, of Trinity College Dublin, discovered that Google Play Services sends highly sensitive personal data to Google servers every 20 minutes and this potentially allows for IP address-based location tracking of the phone.
Even where users turn Google Play Services off, data is still collected which is possibly in breach of GDPR.
Professor Leith says he is very concerned by these revelations.
This is extremely troubling from a privacy viewpoint, and of course it goes way beyond the HSE contact-tracing app.
"Governments and public health authorities are strongly encouraging their entire populations to use these apps.
“In a sense they are pressurising their entire populations to take part in this corporate surveillance. We think they should be telling Google to immediately fix this problem.”
Dr Stephen Farrell says the amount of data being gathered by the Google Play system would surprise even tech experts.
"I certainly think that people are not well enough informed, I couldn’t hazard a guess as to how many people who find this problematic when they discover it.
“It is not well known and it is not even hugely well known among app developers that this level of intrusion is happening inside the Google Play Store application.”