See the hidden trackers in your apps.

Powered by Lockdown

Trackers? All Reviews

Care19

COVID Contact Tracing

iOS Review on May 23, 2020

3 TRACKERS
34 ATTEMPTS
PRIVACY
RATING
D
PRIVACY
RATING
D

The standard for apps like Care19 that handle sensitive health data are much higher than other apps, and doubly so during times of crisis. User data should not be sent to third party marketing companies like Foursquare, and if it was absolutely necessary, should be disclosed clearly and up-front, with easy ways to opt-out. Thanks to security researcher Pierre Valade for flagging this app for review.

Care19's Privacy Rating is D. We found 3 different third-party trackers in the Care19 app, and there were 34 attempted tracking connections detected during our test.

Testing Results

Blocked tracking attempts.

How was tracker testing done?

Tested using Lockdown v0.3.8

What was done during the test?

53 tracking attempts during the five minute test: Download and install app, agree to terms, and activate "Visits", "Participants", and "Info" tabs.

How many tracking attempts each time the app is opened?

12 total, to Google Crashlytics and Bugfender.

Did user give consent to tracking before tracking started?

Partially. The app immediately connects to Google's Crashlytics and Bugfender, regardless of user consent. Location services tracking to Foursquare is only done after user consent.

Any background tracking when app isn't open?

Yes. There appear to be connections to Foursquare and Bugfender when the app is not in the foreground.

Personal Data Collected
🏥 Health Data
📍 Location
❗️ Notification
Trackers Found
Foursquare

Analytics

Marketing

Foreground/Background Location Awareness

Privacy Policy: Data about your activity when using the Consumer Services or on unaffiliated websites and apps, or Data received from web browsers or operating systems such as browser types and settings, the operating systems, device models, carriers, location information, IP address, mobile device and advertising identifiers (e.g. Apple IDFA or Google Advertising ID), as well as cookie information, pixel or other similar technology

Bugfender

Reporting

Remote Logger, Reporter

Privacy Policy: app usage data, such as the date and time the app on your device accesses our servers and what information and files have been downloaded to the app based on your device number, application logs - Free text provided for customers to which some of our staff has access to your logs in order to be able to provide you with the service

Google Crashlytics

Analytics

Realtime issue reporting

Privacy Policy: Owned by Google, so same as Google's Privacy Policy. Personal information, email address, apps, browsers, devices, unique identifiers, browser type and settings, device type and settings, and too much more to fit here.

Please share this review if you found it useful!