COVID Contact Tracing
iOS Review on May 23, 2020
The standard for apps like Care19 that handle sensitive health data are much higher than other apps, and doubly so during times of crisis. User data should not be sent to third party marketing companies like Foursquare, and if it was absolutely necessary, should be disclosed clearly and up-front, with easy ways to opt-out. Thanks to security researcher Pierre Valade for flagging this app for review.
Care19's Privacy Rating is D. We found 3 different third-party trackers in the Care19 app, and there were 34 attempted tracking connections detected during our test.
Blocked tracking attempts.
How was tracker testing done?
Tested using Lockdown v0.3.8
What was done during the test?
53 tracking attempts during the five minute test: Download and install app, agree to terms, and activate "Visits", "Participants", and "Info" tabs.
How many tracking attempts each time the app is opened?
12 total, to Google Crashlytics and Bugfender.
Did user give consent to tracking before tracking started?
Partially. The app immediately connects to Google's Crashlytics and Bugfender, regardless of user consent. Location services tracking to Foursquare is only done after user consent.
Any background tracking when app isn't open?
Yes. There appear to be connections to Foursquare and Bugfender when the app is not in the foreground.
Foreground/Background Location AwarenessShow Collected Data ›
Remote Logger, ReporterShow Collected Data ›
Realtime issue reportingShow Collected Data ›