Netherlands disables COVID-tracing app after discovering it helps Google collect private data

Dutch authorities disables COVID-tracing app after discovering it helps Google collect private data
Netherlands disables COVID-tracing app after discovering it helps Google collect private data
Avatar of Harry Johnson
Written by Harry Johnson

App users private data was collected by other programs Google installs by default on Android phone

  • The app uses the Google Apple Exposure Notification (GAEN) framework
  • Third-party apps are not supposed to have access to app codes
  • CoronaMelder app will not send warnings about potential infections for two day

The Netherlands’ Ministry of Health, Welfare and Sport announced that is disabled its COVID-19 contact-tracing mobile app after it was discovered that users private data was collected by other programs Google installs by default on Android phones.

The CoronaMelder app will not send warnings about potential infections for two days, the health ministryย said, after the data leak was discovered.

The app uses the Google Apple Exposure Notification (GAEN) framework โ€“ just like many other similar apps used throughout the EU. It works using constantly changing randomly generated codes exchanged between phones close to each other โ€“ and sends warnings to those who were in contact with someone who later tested positive for COVID-19.

Third-party apps are not supposed to have access to these codes. However, it turned out that this was not the case on Android phones, and apps installed by default were very much capable of reading the data.

In a statement, the government said this was aย ‘violation of the Temporary Act on notification application [for] COVID-19.’ย The breach was first discovered by an EU-wide eHealth Network and reported to the Netherlands on April 22. An investigation was launched shortly after, prompting Health Minister Hugo de Jonge to temporarily suspend the app, even though Googleย ‘indicated’ย that it had fixed the issue.ย 

The government is not taking any chances, though, opting to make sure the issue is solved before allowing the app to resume functioning. It will use the two days toย “investigate whether Google has actually fixed the leak,โ€ย the ministry’s statement read.

According to Google, the problem lay withย ‘random Bluetooth identifiers used by the Exposure Notification framework’ย that wereย ‘temporarily accessible to a limited number of pre-installed applications.’ย It also said that the data provided by the identifiersย ‘on their own have no practical value to bad actors,’ย adding that the third-party appsโ€™ developers were likely unaware the data was available.

Google also promised that the fix would beย ‘available to all Android users in the coming days.’ย The Dutch app had been downloaded by 4,810,591 people as of April 27, according to its website.

About the author

Avatar of Harry Johnson

Harry Johnson

Harry Johnson has been the assignment editor for eTurboNews for mroe than 20 years. He lives in Honolulu, Hawaii, and is originally from Europe. He enjoys writing and covering the news.

Share to...