Google forcibly installs COVID contacts monitoring app on Android devices

Daniel ZimmermannJune 22, 2021

0 91 1 minute read

Users noticed that the MassNotify app, which is used for monitoring COVID contacts and tracking the spread of COVID-19 in Massachusetts, appeared on their devices without warning. At the same time, people are not able to open the application or find it in the Google Play Store.

The MassNotify app is used to track contacts of people infected with COVID-19 that allows users who have turned on the notification feature in Android to receive warnings about a possible virus infection.

Users can select the country and state from which they want to receive notifications, and the corresponding region app will be installed on the device.

[The app] was secretly installed on my daughter’s phone without consent or notification. She couldn’t install it herself as we use Family Link and all app installs must be approved. I have no idea how they did it, but it had to be related to Google or Samsung, or both.wrote one user in a review of the app on the Google Play Store.

Regular applications just can’t install themselves. I’m not sure what is going on here, but it certainly cannot be considered “voluntary”. We need information, people, and we need it now.writes another user.

One YCombinator Hacker News reader contacted MassNotify support and was told that the MassNotify app on their list of apps means it’s installed on the device, but not necessarily active.

When MassNotify appears in the list of applications, it does not mean that MassNotify is enabled on your phone. Having an app just means MassNotify is available as an option in your phone’s settings if you want to enable it. For more information read the Google Help Center article: https://support.google.com/android/answer/10775533

You can find out if MassNotify is active by going to Settings -> Google -> COVID-19 Exposure Notifications. The “Use Notifications” radio button at the top of the page will tell you if MassNotify is active or not. From this screen, you can also enable or disable MassNotify at any time.the developers said.

However, many users write that they cannot find any icons and traces of the application, as well as that it is not found in the Google Play Store when prompted for “MassNotify”, and therefore it is impossible to delete it forcibly. Instead, people have to use the direct MassNotify URL in the Google Play Store to remove it, as the app uses there the name Exposure Notifications Settings Feature – MA.

Interestingly, two versions of MassNotify can be found on the Google Play Store. It looks like one of them was not automatically distributed, it only has about 1000 installs and a 4.1 stars rating. The second version, marked “v3”, is drowning in negative reviews (1.1 stars currently), and users write that the application was automatically installed on their devices, and some even suspect that it is malware.

Soon, the media drew attention to this problem and turned to Google for comment. Here’s what the company said to 9to5Google reporters:

We are working with the Massachusetts Department of Health to allow users to activate a possible infection notification system right in their Android phone settings. This feature is built into the device’s settings and is automatically distributed through the Google Play Store, so users don’t need to download a separate app.

COVID-19 infection notifications are only triggered if the user has activated them in advance. It is up to users to decide whether to activate this feature and whether to transmit information through the system to alert others of the possible risk [of infection].

Let me remind you that we wrote about the Mysterious Cyber Group Attacks COVID-19 Vaccine Supply Chain, as well as that then COVID-19 vaccine data emerged on the Russian-language darkweb forum.

Sending