Hacker News new | past | comments | ask | show | jobs | submit login
Privacy Review: North Dakota's Contact Tracing App 'Care19' leaks data to Google (jumboprivacy.com)
2 points by aspenmayer 13 days ago | hide | past | web | favorite | 1 comment

tl;dr: The Care19 app [1] leaks advertising ID and/or location data to Foursquare and Google [2]

'The Care19 privacy policy indicates that “Your data is identified by an anonymous code.” We were able to validate that the app, indeed, uses an anonymous code (in the format of US-84825167-5 or something similar). However, our research has found that the anonymous code was transmitted to:

'Foursquare, along with the phone’s Advertising Identifier.

'Bugfender, along with the phone’s Name (probably including your first name)'

'Our research also shows that Google (via Firebase) also receives the IDFA.'

[1] https://ndresponse.gov/covid-19-resources/care19

In the news:


Original title lacked context. It was:

Jumbo Privacy Review: North Dakota's Contact Tracing App

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact