In a letter  sent to the Chief Executive Officers of Google and Apple, Attorney General Rosenblum led a coalition of 39 Attorneys General to call upon the two companies to ensure that any contact tracing and exposure notification apps related to COVID-19 adequately protect consumers’ personal information. The bipartisan letter was led by the Attorneys General of Oregon and Nebraska, and asks Google and Apple to guarantee that contact tracing apps are affiliated with a public health authority and will be removed from Google Play and the App Store once they are no longer needed by public health authorities.
The Attorneys General are particularly concerned about the “free” contact tracing and exposure apps available in Google Play and the App Store that utilize GPS tracking, offer in-app purchases, and are not affiliated with any public health authority or legitimate research institution.
“While digital contact tracing and exposure notification tools are extremely valuable right now in stopping the spread of COVID-19, these same apps may collect your personal data and pose a risk to your privacy,” said Attorney General Rosenblum. “These apps have the ability to collect and store a lot of personal information about you. We want to make sure that any app available for download is associated with a legitimate public health agency or university, and that once the app is no longer needed, Apple and Google will remove it.”
Attorney General Rosenblum also issued a Scam Alert  encouraging Oregonians to lookout for imposter contact tracers who may text or email you out of the blue. They may say they are affiliated with a public health agency and need you to confirm your personal information. In Oregon, a legitimate contact tracer will contact you for the first time by phone or letter, but NOT by text message or email. A legitimate contact tracer will talk to you about your exposure and what steps to take to keep you and the public safe. They may ask for your birth date but will never ask for other personal information like a social security number, or credit card information. As with any suspicious email or text, never click a link without first ensuring it is not a scam.
To protect consumers without interfering with public health efforts to monitor and address the spread of COVID-19, the letters ask Google and Apple to:
– Verify that every app labeled or marketed as related to contact tracing, COVID-19 contact tracing, or coronavirus contact tracing or exposure notification is affiliated with a municipal, county, state or federal public health authority, or a hospital or university in the U.S. that is working with such public health authorities. If an app can not be verified, Google or Apple should remove that app.
– Pledge to remove all COVID-19 exposure notification and contact tracing apps, including those that utilize the new exposure notification application program interfaces (APIs) developed by Google and Apple, from Google Play and the App Store once the COVID-19 national emergency ends. In addition, the attorneys general asked Google and Apple to provide written confirmation to their offices once the apps have been removed or an explanation why removal of a particular app would impair the public health authorities affiliated with each app.
Attorney General Ellen Rosenblum and Nebraska Attorney General Doug Peterson led the letter, which was also signed by 37 other Attorneys General.
Click here for a copy  of the letter.