Someone sent me the link to this story earlier. This seems pretty incredible:
Text from the story:
Android phone users were understandably alarmed when MassNotify appeared on their devices. The tool “doesn’t have an app icon,” one person reported on Google Play, “you have to go through settings and view all apps. This is a huge privacy and security overstep by [Gov. Charlie Baker] & Google.”
Other people also described it as “spyware,” while a user on Hacker News wrote, “It’s pure madness that Play Services comes with this sort of backdoor. This is clearly what I would consider a deliberate … vulnerability.”
My opinion is mostly that this is old news–I believe it was briefly discussed on TWiG like a month ago. It is well known that Apple and Google can install or uninstall any app they like on their platforms without user involvement. Since the particular app is useless unless the feature on the phone is also activated, seems like a lot of bluster over a poorly written government app that arrived months (if not a year) too late.
Aside from it being a tempest in a teapot, it’s tied to the OS feature that is likewise not uninstallable. The application is written by a government agency, one presumes that the terms that Google offered the API it is based on allows them to integrate the app with the API at the request of said government agencies. It was a dumb way to deploy it… but no doubt the government and Google assume users are not very smart and need the help. If you don’t like the way the OS behaves, perhaps you shouldn’t use the OS, or you should better read the terms of service that comes along with it.
It’s technologists that thought they could solve a problem with technology that is in fact a social problem. (That of people not wanting to follow changing health guidelines and do social distancing.) It was a reactionary response… do something… so anything… to appear to “help”. And then the government jumped on the bandwagon. It’s a waste of time, and was shown to have practically not helped what-so-ever. It’s a political boondoggle over-reaction … Blame Google and Apple for bandwagon jumping and trying to please politicians, and blame various governments for going along with it. All the same, at least someone tried something, unlike the former President who though covid wasn’t dangerous and would go away on its own.
I assume this was Exposure Notifications Express? After the first release, they updated it to allow it to work without a health authority app. So disingenuous IMO to say ‘an app’ was ghost installed. A config for Express was deployed. That’s why there was no app/icon in the app drawer.
I think Google and Apple have said the feature will be removed from the OS when the pandemic is over
Gee, sure is nice of them to promise that! /sarcasm
Aside from my opinion that these exposure notification apps aren’t all that effective, the whole backdoor install part is pretty skeevy. But there’s no license cost to Android or iOS, so we gotta pay with dystopian nonsense like this. I kind of hope some sort of digital property amendment gets passed in the future that shores up private domain in the virtual space that could address these kinds of things.
Not really disagreeing, except the argument could be made that the “app” is as much part of the OS, as anything else, given that the app relies on the exposure notification API to do anything useful. To me its more just a communication failure, Google is not great at communication… anymore than is Microsoft either
I don’t have a problem with the API, agree that it’s part of the OS. But that’s not the part that the state govt installed on people’s phones. Even if Google and Apple popped up a notification saying that they’re installing this (non?)app I’d still feel the same way.
Are these people conflating two different things here? Apple and Google pushed out the API to allow this functionality, even to older phones, through the app store.
The API needs to be manually activated through settings and doesn’t have any UI or icon - other than the on/off slider in settings.
The user then needs to download a separate COVID tracking app that makes use of it. In my case, the RKI COVID Warn App. Only when I have installed the warn app does the API do anything active - and I still had to confirm that I wanted to enable the COVID API from within the app.
The API was announced, that it would be pushed to all devices (iOS and Android). But the user still needs to manually download and install an actual tracing app that makes use of it.
Looking at the article, the Google response is talking about the API that they pushed out, whereas the article is talking about the MassNotify app. I’m wondering if they are conflating the two and saying the COVID API in the settings is the MassNotify app, which is wrong.
The article is very poorly written and just seems to try and blur the lines and not actually try and define what is going on here. It sounds like it is written by someone who was panicked by the words COVID appearing in the settings and raised the alarm, without actually understanding what is going on and everybody else is just jumping on the bandwagon, without understanding the issue.
From the Verge:
The feature was “automatically distributed,” Google said in a statement to 9to5Google , but users still have to actively opt in to send and receive exposure notifications.
Here, it sounds very much like Google is talking about the API itself, not an app.
This is a different scenario. The APIs now have a basic ‘headless’ mode (called Express) that doesn’t need an app. The health provider just provides Google/Apple with some config info (an icon, what to put in the contact detected notification etc.) I suspect the challenge is then how do you deploy this if there is no app in the Google/Apple stores for a user to pick? Agree that a blanket rollout to all is wrong.
It shows up as an installable app in the Play Store for me (using Play Store Germany).
But, yes, if it really was sneakily rolled out to all Android users in the state, that is wrong. Just the wording on the articles seemed to be the writer talking about the app and the Google response about the installation of the API…
Yup. They haven’t removed the ability for health providers to use their own app, but in the Massachusetts situation, it was using the Express approach. I read somewhere on Android it auto-generates a basic app based on the config info provided. Definitely wrong to not ask user permission at this point.
One problem with requiring the user to find “the right” app in the store is the obvious… they’ll fail, spectacularly. They’ll get bogus copy apps, or they’ll get the app for another state or province, or they’ll think that downloading the app is all they have to do (and not enable the setting, or enable bluetooth or whatever else…) There is something to be said for trying to make it idiot proof… but you know what they say… you can’t make it idiot proof because idiots are so ingenious.
Yes, that is the big difference between Germany and the USA. In the USA, each state creates their own app. In Germany, the federal government created a single app for the country and citizens in each state use the same federal app - it also has the advantage, that if you go across the border into another state, you don’t have to switch apps.
I live right on the border between NRW and Lower Saxony, many of our employees live in NRW and work in Lower Saxony. That would mean using 2 apps, if it was state based, on a daily basis.
The German government just got the Robert Koch Institut to write the app, it was open sourced and the UK ended up using it as the basis of their app, after scrapping their own app, which didn’t use the Google/Apple API and tried to use a central repository of contact information; which was judged illegal.
Being reported here this morning they may reduce the sensitivity of our app ahead of the removal of public health measures. I assume to reduce the number of contacts reported/minimise the amount of folks isolating. Yet the virus is thought to be more transmissible now
Yes, the UK Government seems hellbent on killing as many people as possible…
Highest infection rate in the western world, yet getting rid of safety measures.
Thrown out foreign HGV drivers and not bothered to train up enough replacements over the last 5 years, so they will endanger all road users by increasing the drivers hours to compensate for the shortfall.
It really is a shambles at the moment, to put it mildly. I’m glad I don’t live in the UK any more and I feel really sorry for those that do and have to put up with this.
Interesting how this story (in this group’s discussion) went from Google put MassNotify on Android user’s phones without their permission, to somehow Apple was to blame as well!! hahahahaha some folks here crack me up
