According to several user reports from the past, MassNotify – the Massachusetts exposure notification app – was automatically installed on Android phones without warning. It’s unclear whether this was a deliberate decision or a bug, but exposure notifications were also not enabled with the install.
There are a few key qualifiers around that are either accidental or intended rollouts. The state of Massachusetts just launched the MassNotify app on Tuesday, June 15. This is slightly different from the first round of exposure notification applications where the state (either directly or through an authorized contractor) created and released a traditional app to the Play Store.
Rather, Massachusetts is using the “Exposure Notification Express” system that Google and Apple announced last September. This approach sees health agencies submit a configuration file to both companies, detailing how/when the notifications should be triggered, and the next steps once the alerts are received. The state agency also supplies assets such as logos and other text. It’s a faster way to trace and run this form of contact.
You can tell that Massachusetts is using Exposure Notification Express given the lengthy manual setup/download process. After you select Settings > Google > COVID-19 exposure notifications > Add another region, states (like California) have built their app, it’s exposed directly to the user.
However, those in a state that use the express system are first told that exposure notifications are available. You are asked to select “Continue” and “Turn on”, as well as whether or not you want to “Share” the analysis. Afterwards, your work is finished and alerts are enabled because the whole process is happening in a single setting workflow.
There is no separate app icon in your launcher or dedicated in-app experience. Instead, you tackle everything through the settings, including sharing a COVID-19 diagnosis and “viewing sharing history.”
Considering the fact that Massachusetts Exposure is using Notification Express, users in the past 24 hours have reported having MassNotify installed on their devices without prior interaction. At least one user said that they do not even live in the state.
Most were made aware of its existence after being prompted to update the app in the Play Store. (Here’s the Google Play listing.) They then proceeded to install it from the Settings app list — again, it doesn’t have an icon in the launcher or an in-app experience by design. That said, others say they’ve even been notified of it being available.
However, even if the app is installed on your device without that explicit permission, the exposure notification doesn’t appear to be active and still requires manual user setup. That said, some still take offense at downloading it without their consent, even though it is not yet active.
The question today is how it got installed on end user devices. It is possible that a bug in the system caused Google to accidentally push the application to the phone. However, if this was done intentionally, it raises the question of who authorized that action. We have contacted Google for comment.
FTC: We use income generating auto affiliate links. more.
Check out 9to5Google on YouTube for more news: