Google is force-installing a Massachusetts COVID-19 tracking app on residents' Android devices without an easy way to uninstall it.
For the past few days, users have reported that Google silently installed the Massachusetts 'MassNotify' app on their devices without the ability to open it or find it in the Google Play Store.
"This installed silently on my daughter's phone without consent or notification. She cannot have installed it herself since we use Family Link and we have to approve all app installs. I have no idea how they pulled this off, but it had to involve either Google, or Samsung, or both," a user wrote in a review on the Google Play Store.
"Normal apps can't just install themselves. I'm not sure what's going on here, but this doesn't count as "voluntary". We need information, and we need it now, folks."
MassNotify is Massachusetts' COVID-19 contact tracing app that allows users who have opted into Android's 'COVID-19 Exposure Notifications' feature to be warned when exposed to the virus.
When opting into this feature, users can select the country and state they want to receive notifications from, and the corresponding states app will be installed on the device
However, Android users state that they have received the application even though they have not turned on the Android Exposure Notification settings on their device.
A YCombinator's Hacker News reader contacted the MassNotify Help Desk and was told that the appearance of the MassNotify app in their app list means that it is installed but not necessarily active.
"The appearance of MassNotify in the app list does not mean that MassNotify is enabled on your phone. The presence of the app merely means that MassNotify has been made available as an option in your phone's settings if you wish to enable it. For more information about this, please see this help center article from Google: https://support.google.com/android/answer/10775533
You can see whether MassNotify is active by going to Settings -> Google -> COVID-19 Exposure Notifications. The “Use Exposure Notifications” toggle at the top of the page will show you whether MassNotify is active or not. From this screen, you can also enable or disable MassNotify at any time."
Many people, though, are reporting that they cannot find any icons for the app, and it is not found when searching for 'MassNotify' in the Google Play Store, and thus cannot uninstall the force-installed app.
Instead, users have to go to the MassNotify Google Play Store URL that uses the app's internal name of 'Exposure Notifications Settings Feature - MA' and uninstall it from there.
Update 6/20/21: In response to our questions about the MassNotify app, Google told BleepingComputer that the app is installed but not enabled unless a user turns on the COVID-19 Exposure Notifications.
"We have been working with the Massachusetts Department of Public Health to allow users to activate the Exposure Notifications System directly from their Android phone settings. This functionality is built into the device settings and is automatically distributed by the Google Play Store, so users don't have to download a separate app.
"COVID-19 Exposure Notifications are enabled only if a user proactively turns it on. Users decide whether to enable this functionality and whether to share information through the system to help warn others of possible exposure.“
BleepingComputer has sent followup questions to Google asking why the app is installed before users enable Android's COVID-19 Exposure Notifications feature.
Comments
paulchabot - 2 years ago
Would love to read the follow up to this...
LwnOEukX-r1 - 2 years ago
I noticed this the other day doing some updates. I thought nothing of it, since it looked like an Android support bit.
I noticed it had changed its name, and was able to uninstall it normally. Pixel 4 (5G) running the latest Android 11.
ki4rwl - 2 years ago
I'm not really a "conspiracy theorist"... but this article does make me wonder what else they (Google, Apple, etc.) have installed/could install without us knowing...
JaneDoeReally - 2 years ago
So here is my question...I removed this horrific thing on the 19th, I saw it when I opened the play store app on my phone, it was listed in my apps and had the uninstall button which I did. It even had that icon of the phone in the hand to look like a heart at that time. I do not have the 'Exposure Notification' setting turned on then or now. But I could not find the silly app in the play store, I wanted to make sure it wasn't pushed again as one review said it was. I followed the link in your article ( MassNotify Google Play Store URL) to see what it says. Funny enough it says it is installed on my phone, however, I do not see any evidence that it is. I actually clicked on the green install button and it asked me which device I wanted it installed on.
Is it really installed? Probably not but it just adds to the whole shadiness of the whole process. I do not like seeing within articles that seem to downplay the seriousness of this because they keep quoting Google's response of "but it is not activated'. Regardless of it being activated or not, it is serious, it was pushed without consent, and truly Google and Apple have always had the ability, the point is that hiding it makes it look worse than it is, and quite frankly I was never very trustful of them but this certainly elevates things. Technically they are accurate the app was not enabled, but pushing that down the throats of people that are rightly peeved is not a good look Google, it just makes you look even more condescending than you normally are.