Dutch government pauses COVID-19 app over data leak fears
The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system.
Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users' data is secure.
The Dutch app uses “exposure notification” technology developed by Google and Apple that generates random codes that can be exchanged by phones whose users are close to one another for long enough to possibly transmit the virus.
The Dutch health ministry says that it is possible for other apps on Android phones to access data about whether its user's had been infected and its contacts with other phones.
“The privacy of users is always a priority. While Google must solve the problem, I can limit the consequences. That’s why we’re taking this decision,” De Jonge said in a statement.
Most EU nations have designed contact tracing apps around the same technology, the European Commission said. The Commission said that it has informed controllers of national apps in the 27-nation EU “so that Member States take the necessary steps if necessary.”
According to the Dutch health ministry, Google informed the government Wednesday it has fixed the issue. The government halted messages from the app for 48 hours to check if the leak has been fixed.
In a statement emailed to The Associated Press, Google said it has been “rolling out a fix for an issue where random Bluetooth identifiers used by the Exposure Notification framework on Android were temporarily accessible to a limited number of pre-installed applications.”
The tech giant said that the rollout began several weeks ago and it expects the fix "to be available to all Android users in the coming days.”
Google said that random Bluetooth identifiers “on their own have no practical value to bad actors, and it is extremely unlikely that developers of pre-installed apps were aware of the inadvertent availability of those identifiers.”
The company added that it has no indications that any data from coronavirus exposure apps was accessed inappropriately.