Attorney General Mark R Herring and a bipartisan coalition of 39 attorneys general are asking Apple and Google to ensure all contact tracing and exposure notification apps related to COVID-19 adequately protect consumers’ personal information. Specifically, the coalition asked Apple and Google to guarantee that such apps, when available to consumers, are affiliated with a public health authority and removed from the Apple App Store and Google Play once they are no longer needed by public health authorities.
Herring and his colleagues sent a letter to the Chief Executive Officers of Apple and Google acknowledging that while digital contact tracing and exposure notification tools are valuable in understanding the spread of COVID-19 and assisting public health authorities, these same technologies pose a risk to consumers’ privacy.
“I would encourage any Virginian who plans to use one of these contact tracing apps to make sure the app affiliated with a legitimate institution and read all the fine print before putting your private information in,” said Herring. “We have all seen how phone app hacks and data breaches can lead to personal and health information being leaked, which is why I’m asking Apple and Google to take the necessary steps to protect consumers.”
The coalition expressed concern regarding contact tracing and exposure notification apps available to consumers in the Apple App Store and Google Play, particularly the “free” apps that utilize GPS tracking, offer in-app purchases, and are not affiliated with any public health authority or legitimate research institution.
To protect consumers without interfering with public health efforts to monitor and address the spread of COVID-19, the letters ask Apple and Google to:
Verify that every app labeled or marketed as related to contact tracing, COVID-19 contact tracing, or coronavirus contact tracing or exposure notification is affiliated with a municipal, county, state or federal public health authority, or a hospital or university in the U.S. that is working with such public health authorities;
Remove any app that cannot be verified as affiliated with one of the entities identified above; and
Pledge to remove all COVID-19 / coronavirus related exposure notification and contact tracing apps, including those that utilize the new exposure notification application program interfaces (APIs) developed by Google and Apple, from Google Play and the App Store once the COVID-19 national emergency ends. In addition, the attorneys general asked Google and Apple to provide written confirmation to their offices once the apps have been removed or an explanation why removal of a particular app or apps would impair the public health authorities affiliated with each app.
Joining Herring in sending the letter are the attorneys general of Alaska, Arkansas, California, Colorado, Connecticut, Delaware, the District of Columbia, Guam, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Puerto Rico, Rhode Island, Tennessee, Texas, Utah, Vermont, and West Virginia.