Apps

When Google and Apple announced their joint platform for contact tracing, the companies said the system would not track users’ locations. By mid-July, the resulting apps had been downloaded more than 20 million times in companies such as Germany and Switzerland. However, in order for Bluetooth
28 Apr 2020
An audit of two apps and a website used by national and local governments in Colombia finds: an absence of public information about the tools, how they work, or how their security and privacy is protected; non-compliance with Colombia’s data protection legal framework, particularly in the area of
02 Aug 2020
The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their
25 May 2020
Anger spread across Chinese social media after officials in the eastern city of Hangzhou suggested they would create a permanent version of its smartphone-based health rating app, developed with help from Alibaba, to curb coronavirus spread. Shortly before, Baidu’s chief executive proposed new rules
17 Jun 2020
Thousands of Muscovites ordered to download a hastily-developed app to enforce their quarantine report that they have been wrongly geolocated and fined and that the app has trapped them into compliance criteria that are impossible to meet. The app, which demands an exceptionally broad range of
09 Jun 2020
Russian authorities are considering introducing an app that migrant workers will be required to download when they enter the country. Leaked details indicate that the app would contain detailed biometric data, health status, police records, and a “social trustworthiness” rating. It’s unclear whether
19 May 2020

Security researchers have found seven problems with the NHSx contact tracing app including: weaknesses in registration that could allow attackers to steal encryption keys; storing unencrypted data on handsets; generating a new random ID code only once a day; and design decisions with respect to Bluetooth connections that could enable tracking. These questions are independent of whether the app is centralised or decentralised.

Writer: BBC; Chris Culnane and Vanessa Teague
Publication: BBC; State of IT
 

30 Apr 2020
INTERNETLAB offers an extensive analysis of all the eight different Covid-19 related apps being discussed in Brazil at the moment. Apps were rated according to four parameters: consent, need, transparency and security. Besides this, the organisation takes a look into what permissions which app has
21 May 2020

In an analysis, the smartphone privacy company Jumbo Privacy finds that Care19, North Dakota's official COVID-19 contact tracing app, sends latitude and longitude data and a unique user advertising identifier to Foursquare and other data to Google servers and the bug-tracking Bugfender. The app's privacy policy does not disclose this third-party sharing. The app development company, ProudCrowd, said it would update the privacy policy and that the data-sharing agreement does not allow Foursquare to collect or use the Care19 data beyond returning the names of nearby businesses. North Dakota officials say future versions of the app will incorporate Apple-Google's new Exposure Notification API.



Writer: Steven Melendez
Publication: Fast Company

 

02 May 2020
At least 27 countries are using data from cellphone companies to track the movements of their citizens, and at least 30 have developed smartphone apps for the public to download. Fewer objections have been raised in countries with greater levels of success in containing the virus. However, although
30 Apr 2020
Sweden's Lund University has launched an app intended to map the spread of the coronavirus across Sweden, a localised version of the JoinZOE COVID Symptom Tracker app pioneered in the UK, which the researchers believe could be coupled with seroprovalence testing in order to develop an accurate map
30 Apr 2020
The central Thailand province of Chachoengsao has launched Mor Channa, a COVID-19 tracking mobile phone app, to help individuals assess whether they are in a high-risk area for COVID-19. Energy Absolute PLC, one of the companies that helped develop the app, believes that the app's tracking system
19 Apr 2020
Turkey's Health Ministry has launched a smartphone app that allows people to self-report symptoms, provides information on nearby hospitals, pharmacies, supermarkets, and public transport stops, detects if the user has come into contact with others who pose a risk, and provides up-to-date
17 Apr 2020
Abu Dhabi’s Department of Health has released a new mobile app, "Stay Home", to ensure those asked to self-quarantine are abiding by the isolation rules. Everyone subject to quarantine is expected to download the app and create a user name and password; the user must also grant access to camera
13 May 2020
More than 3 million people in the UK have downloaded the JoinZoe COVID Symptom Tracker, which was designed by doctors and scientists at King's College London, Guys and St Thomas' Hospitals working in partnership with the health science company ZOE Global Ltd and endorsed by governments and NHS in
10 Apr 2020
Apple and Google have announced a partnership to enable governments and health agencies to use Bluetooth for proximity-based contact tracing to help reduce the spread of the novel coronavirus while preserving user privacy and security. The effort is due to begin with the May release of APIs that
30 Mar 2020
Learning from countries like South Korea, government of the Indian state Karnataka has assigned its ten-member COVID-19 task force, which includes IAS officers with expertise in the fields of technology, medicine and healthcare, to develop a system to the approximately 40,000 people who visited
27 Mar 2020
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user
14 Mar 2020
On March 14, the Peruvian government set up a website for individuals to check their symptoms so they can be directed towards sources of help. The web form asks for ID number, phone, email and home address. Source: https://www.gob.pe/coronavirus Writer: Peruvian government Publication: Peruvian
21 Mar 2020
The self-testing web app issued by Argentina's Secretariat of Public Innovation asks for national ID number, email and phone as mandatory fields in order to submit the test. The Android version requires numerous permissions: calendar, contacts, geolocation data (both network-based and GPS)
17 Mar 2020
At the MIT Media lab, Ramesh Raskar is leading a team that includes software engineers at companies such as Facebook and Uber to develop the free and open source app Private Kit: Safe Paths. The app is intended to share encrypted information between phones in the network without going through a
22 Mar 2020
After Asian countries used mass surveillance of smartphones to trace contacts and halt the spread of the coronavirus, Western countries such as the UK and Germany are trying to find less-invasive ways to use phones to collect and share data about infections that would work within data privacy laws
19 Mar 2020
Facebook's scientists are analysing location data about compliance with social distancing recommendations in various countries using information from a private vault of location information its apps have collected. The analysis shows that only "very modest" changes in habits in the US, France, and
19 Mar 2020
Researchers at the University of Oxford are working with the UK government on an app similar to the smartphone tracking system China developed to alert people who have come in contact with someone infected with the coronavirus. The British app, which would be associated with the country's National
19 Mar 2020
The Polish government has developed the free Home Quarantine app for both iPhone and Android, which allows the police to check that individuals do not break quarantine; those who do may be fined up to PLN 5,000 and also offers support to those who are quarantined. Once users activate the app by
18 Mar 2020
Technology entrepreneurs within Belgium would like to introduce a health code app similar to China's Alipay Health Code that would control individuals' movements based on their health status. The government has engaged privacy experts from the Belgian data protection authority and Ghent University
17 Mar 2020
Thailand's National Broadcasting and Telecommunication Commission (NBTC) provided a SIM card to every foreigner and Thai who had travelled from countries that have have been designated as "high risk" for COVID-19 infections (at the time, China, Hong Kong, South Korea, Italy, and Macau). According to
06 Mar 2020
With 6,300 COVID-19 cases and more than 40 reported deaths, the South Korean government launched a smarphone app (Android first, iPhone due on March 20) to monitor citizens on lockdown as part of its "maximum" action to contain the outbreak. The app keeps patients in touch with care workers and uses
10 Mar 2020
After the Iranian government produced the AC19 Android app, intended to help people self-diagnose rather than going to a hospital, Google pulled it from the Play Store apparently suspecting that the app made the misleading claim that it could detect COVID-19 infections although it is also true that
11 Mar 2020
A Hamburg geotracking startup called Ubilabs is working with the Hannover School of Medicine on a data analysis platform that could track people who have tested positive for the coronavirus and their contacts, Der Tagesspiegel reported on Tuesday; this type of tracking would require individuals'
09 Mar 2020
Colombia's has launched the free, Android-only, prevention-focused Colombia-Coronapp developed by the National Health Institute (INS) to help identify and eradicate the virus across the country, as well provide centralisation and transparency. Besides their basic information, users are asked to say
01 Mar 2020
Software on smartphones dictates whether an individual should be quarantined. Chinese citizens in 200 cities, beginning with Hangzhou, are required to install the Alipay Health Code app, developed by Hangzhou's local government with the help of Alipay owner Ant Financial, on their smartphones. After
01 Mar 2020
A group of independent developers in Argentina started CoTrack, a public crowdsourced effort to develop an app to track and slow the spread of the virus. CoTrack registers each user's geographic movements and looks for times when they are close to people who have been diagnosed with COVID-19. When
01 Mar 2020
Software on smartphones dictates whether an individual should be quarantined. Chinese citizens in 200 cities, beginning with Hangzhou, are required to install the Alipay Health Code app, developed by Hangzhou's local government with the help of Alipay owner Ant Financial, on their smartphones. After
The pregnancy apps many women were using in December 2018 proved to be incapable of handling miscarriages, even though up to 20% of all known pregnancies end this way. There are only two choices: allow the apps to continue sending alerts celebrating the pregnancy's progress or delete the pregnancy
31 Jul 2019
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and comes with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep. Concerns over security and privacy have been raised, given baby monitors can be
21 Feb 2019
In August 2018, Apple forced Facebook to remove its Onava VPN from the App Store because the Facebook had been using it to harvest data across multiple apps and track user activity. In January 2019, a TechCrunch investigation revealed that in a separate part of the same programme Facebook had been
29 Jan 2019
In January 2019 Apple briefly disabled the group functionality in its FaceTime video calling application after bug was discovered that allowed users to listen on the people they were calling when they did not pick up the call and also allowed some callers to see video of the person they were calling
14 Dec 2018
In December 2018 Facebook revealed that over a 12-day period in September a software bug may have wrongly allowed about 1,500 third-party apps to access 6.8 million users' photos, including some that people began uploading to the social network but didn't go on to finish posting. EPIC executive
21 Feb 2019
In February 2019, a faulty firmware update meant that Nike's latest $350 Adapt BB self-lacing shoes could not pair with the app that allows owners to adjust their tightness, customise the lights, and check remaining battery life. Because the shoes have no physical laces, the error effectively made
07 Feb 2019
In February 2019, publicity led the gay dating app Jack'd, which claimed to have more than 5 million users and was ranked among the top four gay social apps on both Apple and Android, to close a security flaw that meant that photos users uploaded to share in private chat sessions were accessible to
04 Feb 2019
In February 2019, the cybersecurity company Trend Micro found that at least 29 beauty and photo editing apps that had been downloaded more than 4 million times from Google's Play Store included code that pushed full-screen ads for fraudulent or pornography content or that directed users to phishing
24 Jan 2019
By January 2019, more than 100 million women worldwide were using smartphone apps that began as period-tracking apps but were beginning to branch out into tracking other types of health data - and also to broaden their use of the data they collect in search or profit. Unlike medical establishments
10 Aug 2017
In the lead up to the German elections, the conservative Christian Democratic Union (CDU) created a mobile app, Connect 17, which was designed to create a feedback loop between party headquarters and door-to-door volunteers (also known as canvassers). The app drew on data from the federal statistics
20 Dec 2017
During the primary elections in November 2016, the former French president, Nicolas Sarkozy, reportedly used an app, called Knockin, that made it possible to identify and geolocate supporters for door-to-door campaigning. Based on a report by the French Radio RMC, the app would harvest public data
13 Jun 2018
In June 2018 Apple updated its app store policies to bar developers from collecting information from users' address books and selling it on. While some apps have a legitimate need to access users' contacts, collecting information unnecessarily is a common money-making tactic. How many apps were
30 Jun 2018
In 2018, the Spanish La Liga app was found to be using the microphone and GPS to clamp down on bars infringing copyright by broadcasting matches without paying. Granting the app the permissions it requests at installation to access the mic and GPS location allows it to turn on the mic at any time
28 May 2018
In 2018, an investigation found that children as young as nine in Hong Kong were exposing their identities online via Tik Tok, the most-downloaded iPhone app for creating and sharing short videos. Both Tik Tok and its sibling app Musical.ly, which is popular in Europe, Australia, and the US and
11 May 2018
In 2018, the Brazil-based Coding Rights' feminist online cybersecurity guide Chupadados undertook a study of four popular period-tracking apps to find which best protected user privacy. Most, they found, rely on collecting and analysing data in order to be financially viable. The apps track more
23 Aug 2018
In 2018, changes to Apple's rules for data collection led Facebook to withdraw its Onavo Protect VPN app from the app store. The app's function was to warn users when they were visiting potentially harmful websites and protected their data when using public wifi. However, the app also collected data
20 Aug 2018
In August 2018 the US Food and Drug Administration approved the first over-the-counter digital contraceptive, an app called Natural Cycles. The app, which analyses basal body temperature readings and monthly menstruation data to determine whether unprotected sex is likely to lead to pregnancy
12 Sep 2018
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the
17 Jul 2018
In July 2018 the three-year-old payment system Revolut notified the UK's National Crime Agency and the Financial Conduct Authority that it had found evidence of money laundering on its system. From its beginnings as a prepaid credit card operator, Revolut had branched out into small business
17 Jul 2018
In 2018, the Berlin-based researcher Hang Do Thi Duc concluded after analysing more than 200 million public transactions made in 2017 that anyone can track the purchase history of a user of the peer-to-peer payment app Venmo. By accessing the data via an open API, Do Thi Duc was able to view the
29 Sep 2018
A flaw in the official 2018 UK Conservative Party conference app granted both read and write access to the private data of senior party members, including cabinet ministers, to anyone who logged in by second-guessing the email address they used to sign into the app. Twitter users claimed that one
29 Mar 2018
In March 2018, Indian Congress president Rahul Gandhi tweeted that the Naramendra Modi app issued by India's ruling Bharatiya Janata Party was leaking user data. The app is intended to spearhead BJP's social media strategy in the run-up to the 2019 general elections; the party hopes to use it to
01 Sep 2018
In September 2018, security researcher Patrick Wardle found that Adware Doctor, the top-selling paid utilities app in the US Mac App Store, was exfiltrating the browser history of anyone who downloaded it and sending it to a developer. Adware Doctor is intended to protect browsers against adware. A
25 Apr 2018
Police and blackmailers in Egypt are using gay dating apps like Grindr, Hornet, and Growlr to find targets tor arrest and imprisonment while the developers who can make changes are thousands of miles away and struggle to know what to change to protect their users. In a typical story, a target finds
04 Jul 2018
In 2018, military security officers from the Israeli Defence Force accused Hamas of loading fake World Cup and dating apps with malware and making them available via the Israeli version of the Google Play store in order to hack the mobile phones of Israeli soldiers. The apps were capable of
15 Oct 2018
In March 2018 the Palo Alto startup Mindstrong Health, founded by three doctors, began clinical tests of an app that uses patients' interactions with their smartphones to monitor their mental state. The app, which is being tested on people with serious illness, measures the way patients swipe, tap
23 Aug 2018
Facebook-owned Onavo VPN (adertised as a way to block harmful websites, and keep a user's data safe) is pulled from the Apple App Store due to tracking, collecting, and analysing customers' usage data, including from other unrelated apps. https://arstechnica.com/tech-policy/2018/08/facebook-violates
30 Mar 2018
Users downloading their Facebook histories have been startled to find that the company has been collecting call and SMS data. The company has responded by saying users are in control of what's uploaded to Facebook. However, the company also says it's a widely used practice when users first sign in
The CEO of MoviePass, an app that charges users $10 a month in return for allowing them to watch a movie every day in any of the 90% of US theatres included in its programme, said in March 2018 that the company was exploring the idea of monetising the location data it collects. MoviePass was always
The story began with the free Bylock messaging app, which was used between 2014 and 2016 and which the Turkish government associated with treason and followers of Fethullah Gülen, the group they believe was behind the attempted 2016 coup. The app was downloaded roughly half a million times and had
The popular app Citymapper, which began in London and has since expanded to New York, Paris, and Amsterdam, is a live journey planning application that integrates all available modes of transport. Providing this service allows Citymapper to collect vast amounts of data: where, when, and by what
14 Jan 2018
Police investigating the 2016 rape and murder of a 19-year-old medical student were unable to search the iPhone of suspect Hussein Khavari, an Afghan refugee who declined to give them his password. The investigators gained access to the phone via a private company in Munich, and went through Apple's
28 Feb 2018
In February 2018 Uber and the city of Cincinnati, Ohio announced the Cincinnati Mobility Lab, a three-year-partnership that will allow the city and the surrounding area in northern Kentucky to use Uber data for transport planning. Cincinnati, like many cities, is anxious to identify the impact of
02 Jun 2010
In 2010, Apple's then-CEO Steve Jobs revealed that the reason his company changed the rules in the written agreement it requires iPhone app developers to sign was due to a report published by the vice-president of the app analytics company Flurry, Peter Farago. In one of its monthly reports on app
29 Jan 2018
In November 2017, San Francisco-based Strava, maker of a GPS-enabled fitness app, published a heat map showing the activity of all its 27 million users around the world. Upon outside examination, the data visualisation, which was built from 1 billion activities and 3 trillion data points covering 27
In 2014, the UK suicide prevention group The Samaritans launched Radar, a Twitter-based service intended to leverage the social graph to identify people showing signs of suicidal intent on social media and alert their friends to reach out to offer them help. The app was quickly taken offline after
The Chinese company Tencent has issued a statement denying that it stores or analyses communications sent over WeChat, the country's most popular messaging platform after Geely Automobile chairman Li Shufu claimed there was no data privacy in China at a business forum. Shufu also claimed that
28 Dec 2017
In 2016, the US Federal Trade Coimmission issued a warning to app developers that had installed Silverpush, software that uses device microphones to listen for audio signals inaudible to the human ear that identify the television programmes they are watching. Nonetheless, similar technology
17 Dec 2017
"To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?" Netflix tweeted in December 2017. While the tweet did not contain any information that could have identified any of the 53 people, it still made many of those who saw it uncomfortable. A Christmas
Researchers at Princeton University have shown that a vulnerability identified 11 years ago in the password managers built into web browsers can be exploited to allow third parties to track users across more than a thousand websites. The attack depends on the managers' autofill capability, and works
07 Aug 2017
A federal class-action lawsuit filed in California in July 2017 alleges that in violation of the Children's Online Privacy Protection Act (COPPA) and without parental permission, the Walt Disney Company secretly collects personal information about some of its youngest customers and shares it
28 Nov 2017
In 2017, Grindr, which at the time was available in 192 countries, began implementing new privacyimplementing new privacy protection measures in order to help protect its users in anti-gay countries such as those in the Middle East and Africa. Among them: users will be able to to change the Grindr
25 Nov 2017
A recent study from the Yale Privacy lab and Exodus Privacy founds dozens of invasive trackers hidden in common Android apps. However, the method the researchers used, which involved writing code to expose the internal workings of the devices they tested, is legally barred under the US Digital
18 Oct 2017
Our usual image of online advertising is that we are one of millions whose data is being examined by a large, remote organisation - a government or major company. Research from the University of Washington has found that anyone equipped with time, determination, and a relatively small budget of $1
30 Oct 2017
Cracked Labs examines the impact on individuals, groups, and wider society of the corporate use of personal information as it feeds into automated decision-making, personalisation, and data-driven manipulation. On the web, companies track us via hidden software that collects information about the
15 Nov 2016
In 2015, security contractors at Kryptowire discovered that some cheap Android phones came with pre-installed software that monitors where users go, whom they communicate with and the contents of the text messages they write. Written by the China-based company Shanghai Adups Technology Company, the
23 Feb 2016
A 2016 study from the French Institute for Research in Computer Science and Automation found that in 95% of cases it takes as few as four of the apps users have installed on their smartphones to reidentify them within a dataset. Based on a study of 54,893 Android users over seven months, the
20 May 2016
In 2016, Nguyen Phong Hoang, a security researcher in Kyoto, Japan demonstrated that the location of users of gay dating apps such as Grindr, Hornet, and Jack'd can be pinpointed even when they have turned on features intended to obscure it - a dangerous problem for those have not come out publicly
30 Nov 2015
In 2015, a small number of Silicon Valley start-ups began experimenting with assessing prospective borrowers in developing countries such as Kenya by inspecting their smartphones. Doing so, they claimed, enabled them to charge less in interest than more traditional microlenders, since many of their
03 Mar 2016
In 2016, researchers affiliated with Verto Analytics and the Qatar Computing Research Institute published work in which they analysed the app usage and demographics of more than 3,700 people in order to find correlations. Based on the models they developed, they found they could predict a user's
25 Sep 2015
In a 2015 study of 79 apps listed in NHS England's Health Apps Library, which tests programs to ensure they meet standards of clinical and data safety, researchers at Imperial College London discovered that 70 of them sent personal data to associated online services and 23 sent that data without
20 May 2016
Uber has closely studied how dynamic pricing functions and when it's acceptable to users. One discovery is that round numbers signal haste and sloppiness where riders appear to believe that more precise numbers (for example, 2.1 instead of 2) have been carefully worked out by an algorithm. The
23 Apr 2017
For some months in 2017, in one of a series of high-risk missteps, Uber violated Apple's privacy guidelines by tagging and identifying iPhones even after their users had deleted Uber's app. When Apple discovered the deception, CEO Tim Cook told Uber CEO Travis Kalanick to cease the practice or face