The Care19 app, developed by ProudCrowd, of North Dakota, was one of the first contact tracing apps endorsed by state governments in response to the coronavirus. Governors from both states promoted it as a way to help health officials stop outbreaks and retrace the steps of people with infections, while assuring people that their data is protected. But tech privacy company Jumbo Privacy reported this week that developers included lines of code that send users' location and identification data to third-party companies including Foursquare, BugFender and Google.
Concerned citizens have been eyeing the tradeoff between controlling outbreaks using apps and intrusions on privacy. Civil liberty groups and tech watchdogs have warned about contact tracing apps, saying governments and companies should not be able to access personal data.
The Care19 app shared location data with Foursquare, an advertising company that markets to people based on their location.
ProudCrowd CEO Tim Brookins said his company sends data to Foursquare to determine which businesses a user has visited, but the data is discarded and not used for commercial purposes.
"The simple overarching fact here is that we have stated, and Foursquare has confirmed, that they have not, nor will not, collect data from Care19 users. Period,” Brookins said.
The app generates an anonymous code for every user. The Jumbo Privacy report noted that the code, along with the phone's identification, was sent to BugFender, a Barcelona-based company that helps developers track malfunctions. The app also sent an advertising identifier linked with the user's phone to Google's Firebase service. That adds up to “serious privacy risks,” Jumbo said.
“It’s really an oversight from them,” said Jumbo Privacy CEO Pierre Valade. “It’s not a bad intention. They were rushing to build this product.”