New York attorney general Letitia James has asked Apple and Google to vet contact tracing apps submitted to their app stores to distinguish official from unofficial ones, and to ensure that they protect user privacy.

Apple has already taken one step in this direction, but New York wants the company to go further …

Apple has already said that only official government health agencies can use the privacy-protecting joint Apple/Google API to create coronavirus contact tracing apps. Commercial companies and individual developers will not be given access to the API.

But that still leaves the door open to third-party contact tracing apps which don’t use the API, and James wants Apple and Google to vet those.

Attorney General James calls on Apple and Google to ensure that existing and future third-party contact tracing apps published through Apple’s App Store and Android’s Play Store do not inappropriately collect and retain users’ sensitive information.

Attorney General James seeks the companies’ help in preventing untrusted third-party apps from collecting sensitive personal health information, minimizing invasive data collection, and ensuring appropriate deletion of consumer information. Attorney General James also asks the companies to make clear to consumers the difference between apps launched by governmental public health agencies, meant to notify individuals they may have been exposed to the virus, and third-party contact tracing apps, which could possibly take advantage of consumers for financial gain.

“As businesses open back up and Americans venture outdoors, technology can be an invaluable tool in helping us battle the coronavirus,” said Attorney General James. “But some companies may seek to take advantage of consumers and use personal information to advertise, mine data, and unethically profit off this pandemic. Both Apple and Google can be invaluable partners in weeding out these bad actors and ensuring consumers are not taken advantage of by those seeking to capitalize on the fear around this public health crisis.”

James wants Apple and Google to agree to four specific measures:

  • Ensure only official apps can collect sensitive health info, live COVID-19 test results
  • Ban apps from using personal info for targeted ads
  • Ban third-party apps from identifying users
  • Limit third-party apps to holding 14 days’ worth of data, and requiring them to delete it on user request

She also calls for developers to be transparent about who they are, what data they collect, and the fact that they don’t use the joint Apple/Google API. Business Insider reports that the two tech giants have been asked to respond to the letter by June 19.

An earlier WSJ piece found that it’s a bit of a wild west out there.

According to a new study of more than 100 apps in the Google app store by the International Digital Accountability Council, a watchdog group, and an analysis by The Wall Street Journal, some of the emerging contact tracers and symptom trackers aren’t transparent about what they are doing with user data, potentially allowing the use of private health-care data for advertising. Others share information such as location data with third-party services.

Apple has already banned contact tracing apps displaying ads or offering in-app purchases, but there appears to be no specific ban on monetizing data-collection.

FTC: We use income earning auto affiliate links. More.

Apple July 4 sale Adorama

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear