%0 Generic %1 leith2020contact %A Leith, Douglas J. %A Farrell, Stephen %D 2020 %K Android Corona-App Google contact_tracing data_protection privacy %T Contact Tracing App Privacy: What Data Is Shared By Europe’s GAEN Contact Tracing Apps %U https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf %X We describe the data transmitted to backend servers by the contact tracing apps now deployed in Germany, Italy, Switzerland, Austria, Denmark, Spain, Poland, Latvia and Ireland with a view to evaluating user privacy. These apps consist of two separate components: a “client” app managed by the national public health authority and the Google/Apple Exposure Notification (GAEN) service, that on Android devices is managed by Google and is part of Google Play Services. We find that the health authority client apps are generally well behaved from a privacy point of view, although the privacy of the Irish, Polish, Danish and Latvian apps could be improved. In marked contrast, we find that the Google Play Services component of these apps is extremely troubling from a privacy viewpoint. In one “privacy conscious” configuration, Google Play Services still contacts Google servers roughly every 20 minutes, potentially allowing fine-grained location tracking via IP address. In addition, Google Play services also shares the phone IMEI, hardware serial number, SIM serial number, handset phone number, the WiFi MAC address and user email address with Google, together with fine-grained data on the apps running on the phone. This data collection is enabled simply by enabling Google Play Services, even when all other Google services and settings are disabled. It therefore appears to be unavoidable for users of GAEN-based contact tracing apps on Android. This level of intrusiveness seems incompatible with a recommendation for population-wide usage. We note the health authority client app component of these contact tracing apps has generally received considerable public scrutiny and typically has a Data Protection Impact Assessment, whereas no such public documents exist for the GAEN component of these apps. Extending public governance to the full contact tracing ecosystem, not just of the health authority client app component, therefore seems to be urgently needed if public confidence is to be maintained.

@electronic{leith2020contact, abstract = {We describe the data transmitted to backend servers by the contact tracing apps now deployed in Germany, Italy, Switzerland, Austria, Denmark, Spain, Poland, Latvia and Ireland with a view to evaluating user privacy. These apps consist of two separate components: a “client” app managed by the national public health authority and the Google/Apple Exposure Notification (GAEN) service, that on Android devices is managed by Google and is part of Google Play Services. We find that the health authority client apps are generally well behaved from a privacy point of view, although the privacy of the Irish, Polish, Danish and Latvian apps could be improved. In marked contrast, we find that the Google Play Services component of these apps is extremely troubling from a privacy viewpoint. In one “privacy conscious” configuration, Google Play Services still contacts Google servers roughly every 20 minutes, potentially allowing fine-grained location tracking via IP address. In addition, Google Play services also shares the phone IMEI, hardware serial number, SIM serial number, handset phone number, the WiFi MAC address and user email address with Google, together with fine-grained data on the apps running on the phone. This data collection is enabled simply by enabling Google Play Services, even when all other Google services and settings are disabled. It therefore appears to be unavoidable for users of GAEN-based contact tracing apps on Android. This level of intrusiveness seems incompatible with a recommendation for population-wide usage. We note the health authority client app component of these contact tracing apps has generally received considerable public scrutiny and typically has a Data Protection Impact Assessment, whereas no such public documents exist for the GAEN component of these apps. Extending public governance to the full contact tracing ecosystem, not just of the health authority client app component, therefore seems to be urgently needed if public confidence is to be maintained.}, added-at = {2020-07-28T10:51:44.000+0200}, author = {Leith, Douglas J. and Farrell, Stephen}, biburl = {https://www.bibsonomy.org/bibtex/24f97debfb6c5301676fadb1b406c4cc1/meneteqel}, interhash = {668fd82a78993b51fb1a4ddde85bafb5}, intrahash = {4f97debfb6c5301676fadb1b406c4cc1}, keywords = {Android Corona-App Google contact_tracing data_protection privacy}, language = {eng}, timestamp = {2020-07-28T10:51:44.000+0200}, title = {Contact Tracing App Privacy: What Data Is Shared By Europe’s GAEN Contact Tracing Apps}, url = {https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf}, year = 2020 }