In April 2020, due to the unique times caused by the coronavirus pandemic,
Google and Apple partnered up to build a COVID-19 tracking feature for their
respective platforms. The new tech was invented to warn users if they grow
into contact with anyone affected by the virus. However, now, Google is being
sued by its users alleging that the search engine giant exposed their personal
data via its COVID-19 exposure-notification system with Apple. The case has been
filed in the federal court for invasion of privacy. Two people from California who
have submitted the action lawsuit claim that any information from a user’s
anonymous positive opinion of coronavirus using Google’s system can be gathered
from “rolling proximity identifiers” that thought to be untraceable.
The documentation reads,
The hundreds of applications the sophisticated technology companies behind them with access to system logs can easily associate the data that Google-Apple Exposure Notification System logs to the device owner’s identity. Device manufacturers, network providers, & application developers commonly have identifying info about the owners of devices with their apps, or they have permissions to access information like the phone num associated with a device.
When asked about the lawsuit, Google spokesperson Jose Castaneda reported Google aware of a problem that its solidifying. He wrote in an email,
With the Exposure Notification system neither Google, Apple, nor other users can see your identity and all of the Exposure Notification matching happens on your device. We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes. We reviewed the issue, considered mitigations, updated the code, and ensuring the fix rolled out to users.
The lawsuit comes after the privacy review company AppCensus disclosed the
issue to Google in February 2021.