Over the past week, a growing number of Android users in the state of Massachusetts have accused Google of stealth-installing “spyware” on their devices under the guise of a state government-supported Covid contact-tracing app.
Launched by the state on June 15, MassNotify enables users who have turned on the voluntary ‘Covid-19 Exposure Notifications’ feature on their devices’ settings to be alerted via Bluetooth if they have potentially been exposed to the virus.
After enabling the feature, users can choose the state from which they want to receive alerts, and the respective state’s app will be installed on the device. However, dozens of people have claimed that they received the application despite not opting into the feature.
“Automatically installed without consent. It has no icon, no way to open this and see what it even does, which is a huge red flag… I think it’s spyware, phishing as the DPH (Department of Public Health),” user Callie M. noted in a review on the app’s Google Play store page.
Terming it an “unethical breach of privacy and a forceful misappropriation of personal property,” user Frank L. said, “The degree to which my data is collected or distributed through it has not been disclosed neither in active nor inactive form… I can only conclude and caution others that it is disclosing your whereabouts and social contacts without permission.”
The app’s page describes it as being “privacy-focused.” It notes that the DPH takes user “privacy and confidentiality very seriously” and stated that “no GPS or location information” shared from devices will “ever be collected or used” by the app.
In a statement to the 9to5Google news outlet, Google confirmed that the exposure notification system is “built into” device settings and is “automatically distributed” by the Google Play Store so “users don’t have to download a separate app.”