Cerberus IT Solutions Blog
Is My Smartphone Tracking COVID-19 Exposures Without My Consent?
Remember a few months ago when Google and Apple joined forces to come up with a system to help state and local governments establish a COVID-19 Exposure Notification system? If you didn’t, you aren’t alone. A lot has been going on lately. Just to catch you up, the two tech giants recently pushed out an update across nearly all modern smartphones so state and local governments can deploy apps to notify people when they may have been exposed to COVID-19. Let’s do a deep dive on what this means for your privacy.
To be honest, we stopped thinking about Google and Apple’s COVID-19 Exposure Notification system too. That is, until we started seeing social media posts going around over the last week or so claiming that Android and iPhones have been getting a COVID-19 tracking app installed without getting permission from the user first.
Here is an example of one of the posts that have been making rounds across Facebook:
**VERY IMPORTANT ALERT!***
A COVID-19 sensor has been secretly installed into every phone.
Apparently, when everyone was having “phone disruption” over the weekend, they were adding COVID-19 Tracker [SIC] to our phones!
If you have an Android phone, go under settings, then look for google settings and you will find it installed there.
If you are using an iPhone, go under settings, privacy, then health. It is there but not yet functional.
The App can notify you if you’ve been near someone who has been reported having COVID-19.
We checked our phones and confirmed that the option is clearly there. On Android, go to your Settings and tap on Google Settings and front and center will be an option to opt-in to the COVID-19 Exposure Notification system. By default, you are not opted in.
On iPhones, go to Settings, then Privacy, then Health and you’ll see a similar opt in that is currently disabled. In fact, you can’t enable it unless you’ve installed an official COVID-19 Exposure Notification app from your local or state government.
No, Android and iOS Didn’t Sneak a COVID-19 Tracking App On Your Phone - It’s Just a New Security Setting
The two tech giants have been working together to build an API (short for Application Programming Interface) for a standardized system to make it easier for states and local governments to build an effective app to notify users if they may have been exposed to COVID-19. Google and Apple aren’t building the apps or pushing them out to users. If you see this setting, rest easy knowing they didn’t sneak a COVID-19 app onto your phone without your consent.
It’s Not the App, It’s the Opt-In the Apps Will Require
Just to be perfectly clear, unless you manually installed something, your Android or iPhone isn’t just going to start tracking you and your friends and family to see if you have COVID-19.
Apple and Google confirmed this in a joint statement saying “What we’ve built is not an app - rather public agencies will incorporate the API into their own apps that people install.”
One thing worth pointing out is that the system won’t work as well if users don’t participate - if half of all users decide not to opt in, the system might not be reliable enough to do much good. It’s really up to the local governments and states to raise awareness while addressing the public’s concerns for privacy. With that said, what is being done to ensure that your privacy is protected?
Is the COVID-19 Exposure Notification Update from Google and Apple Safe?
Keep in mind, it’s really up to state and local governments to deploy the official apps themselves. Apple and Google merely laid out some groundwork that these apps can utilize.
Here’s how it works. First, you need to install an official application from your local or state government. When you install it and set it up, you’ll also need to opt in to Google or Apple’s API (that’s the new setting everyone is worried about). Once you are set up, a random ID is generated and exchanged between your phone and other nearby phones (that also opted in) within Bluetooth range. These random, anonymous IDs are stored on your phone. The random IDs are also changed every 10 to 20 minutes so they can’t be tracked. In short, your phone keeps tabs of phones it has been near without collecting or sharing any personally identifiable information.
If someone is diagnosed with COVID-19 and that personal manually shares that information with one of the official contact tracing apps, all of the random IDs their phone has collected over the past two weeks are uploaded (with that user’s permission) and the users of those IDs are notified that they may have been exposed.
In other words, you don’t know who or where you may have been exposed to COVID-19. You just know that, at some point, the owner of one of the phones you’ve been within 30-or-so feet of has shared that they have been diagnosed with COVID-19.
Most importantly, the system doesn’t track your location, or share other users’ identities within the app, or even with Google or Apple. According to Google, the apps are not allowed to use your phone’s location or track your location in the background.
The technology is very secure and anonymous. It has to be, because it has to fall under the strict rules that govern healthcare data.
The Big Question Everyone is Asking: How Do You Uninstall the Apple/Google COVID-19 Exposure Notification Update?
Let’s get this out of the way. There is no app to uninstall. It’s an update to the Android and iOS operating system as part of a recent security update. The update isn’t tracking you - it’s simply a setting that lets you decide if you want to opt in to participate in the COVID-19 Exposure Notification System.
The only real danger is if you search around the Internet and follow instructions that walk you through rolling back your phone or other risky procedures to try to remove the update. That puts your phone at risk for other threats. There is nothing to uninstall, and rolling back your phone and preventing future security updates from ever getting installed is not a good plan.
If you don’t want to particulate, simply do not opt in. If you are worried about it, both Apple and Google state that by simply not installing a COVID-19 Exposure Notification app, or uninstalling one if you did install one, is all it takes to not participate.
JUST TO MAKE IT CLEAR: DO NOT FOLLOW ANY INSTRUCTIONS ONLINE THAT WALK YOU THROUGH ROLLING BACK YOUR PHONE AND OPTING OUT OF SECURITY UPDATES.
That is only going to put your data and your privacy at risk. In other words, it’s shortsighted.
That said, the choice to opt in or out of the COVID-19 Exposure Notification system is yours to make, but Google and Apple seem to have built a system that is secure, without violating anyone’s privacy. If you have any concerns about the security of your data, don’t hesitate to reach out to us at Cerberus IT Solutions.
Comments