Skip to main content

Contact tracing app data misused by German police after restaurant death

Update: The app is a secondary one popularly used for electronic check-ins at venues, distinct from the government app which uses the Apple/Google API.

German police have misused a COVID-19 contact tracing app data by apparently faking an infection at a restaurant in order to obtain details of potential witnesses.

The joint Apple/Google API used by the government app can’t be abused in this way, as it doesn’t track locations, but a separate app for QR code check-ins was misused …

The Washington Post reports.

Authorities in Germany are under fire for tracking down witnesses to a potential crime by using data from a mobile phone app that was intended to help identify close contacts of people infected with the coronavirus.

Police in the city of Mainz, near Frankfurt, successfully petitioned local health authorities to release data from an app called Luca when a man fell to his death after leaving a restaurant in November. They said they were seeking witnesses who had dined at the restaurant around the same time and reportedly found 21 people from the app data.

Apple and Google created the contact tracing API with eight privacy safeguards to prevent this kind of abuse. Among them, the API doesn’t know where you have been, and no data goes to the government without your permission.

However, some countries have included a separate venue check-in feature that doesn’t use the API, while others have a separate app for this. When you visit say a restaurant, you can use the app to scan a QR code in order to tell it you were there on that date and at that time. That data remains unused unless someone at the venue at the same time later tests positive, in which case your details can be made available to contact tracers.

What appears to have happened here is that the police got somebody at the restaurant (likely a manager or other staff member) to falsely report a positive test result. This then triggered the release of contact details for those present at the time.

WP reports that the police action appears to be illegal.

Luca is subject to Germany’s strict data-protection regulations and, by law, information from the app cannot be accessed by non-health authorities and used in criminal prosecutions.

As the piece notes, uptake of contact tracing apps has been much lower than hoped, largely due to privacy fears, so this type of abuse can do an enormous amount of harm.

Photo: Pixabay

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications