Data from contact tracing app misused by German police after death


Update: The app is a secondary app commonly used for electronic site registrations, separate from the government app that uses the Apple/Google API.

German police misused data from a COVID-19 contact-tracing app by apparently simulating an infection in a restaurant in order to obtain details of potential witnesses.

The joint Apple/Google API used by the government app cannot be used in this way, as it does not track locations, but a separate app for QR code check-ins has been misused…

The Washington Post reports.

German authorities are under fire for tracking down witnesses to a potential crime using data from a mobile phone app meant to help identify close contacts of people infected with the coronavirus.

Police in the city of Mainz, near Frankfurt, successfully asked local health authorities to release data from an app called Luca when a man died after leaving a restaurant in November. They said they were looking for witnesses who dined at the restaurant around the same time and found 21 people from app data.

Apple and Google created the Contact Tracing API with eight privacy safeguards to prevent this kind of abuse. Among them, the API does not know where you have been, and no data is transmitted to the government without your permission.

However, some countries have included a separate location registration feature that doesn’t use the API, while others have a separate app for it. When you visit a restaurant, for example, you can use the app to scan a QR code to record that you were there on that date and time. This data remains unused unless someone who was at the site at the same time later tests positive, in which case your details may be made available to contact tracers.

What appears to have happened here is that the police asked someone at the restaurant (likely a manager or other member of staff) to falsely report a positive test result. This then triggered the publication of the contact details of those present at that time.

WP reports that the police action appears illegal.

Luca is subject to strict German data protection regulations and, according to law, the information in the app cannot be viewed by authorities other than health authorities or used in criminal proceedings.

As the article notes, adoption of contact-tracing apps has been much lower than expected, largely due to privacy concerns, so this kind of abuse can do a lot of harm.

Photo: Pixabay
