College contact-tracing app readily leaked personal data, report finds

Article note: This is right at the nexus of a whole slate of things that attract bad behaviors: - Ed-tech carpetbaggers selling bullshit to universities - Paternalistic behavior by schools - COVID-19 Scams - Intrusive software siphoning data for purposes that don't benefit the owner - Software where purchaser != user being absolute shit I was afraid UK was going to try some shit like this and I'd have had to go to bat, but fortunately they just bought some salesforce bullshit that sends a vapid self-reporting survey every morning.

Enlarge / A surveillance camera mounted on a wall on a sunny day. (credit: Thomas Winz / Getty)

In an attempt to mitigate the potential spread of COVID-19, one Michigan college is requiring all students to install an app that will track their live locations at all times. Unfortunately, researchers have already found two major vulnerabilities in the app that can expose students' personal and health data.

Albion College informed students two weeks before the start of the fall term that they would be required to install and run the contact tracing app, called Aura.

Exposure notification apps being deployed by states, based on the iOS and Android framework that Apple and Google announced earlier this year, are designed to minimize harms to privacy. That framework basically uses a phone's Bluetooth capabilities as a proximity sensor, to see if the phone it's installed on has been near a phone of someone who reports having tested positive for COVID-19.