Albion College Under Fire Over 'Flawed' COVID Tracking App That Offers No Way to Opt Out

As schools and universities reopened amid the current coronavirus pandemic, they had to convince students and their parents that the students are safe within the school premises.

To ensure they keep up with their promise, Albion College, a small liberal arts school in Michigan, requires their nearly 1,500 students to download and install Aura a contact-tracing app to prevent COVID-19 spread within the campus.

According to TechCrunch, this is part of the school's $2 million investment to keep the premises safe. It vowed also to have all their students and the staff tested upon their arrival and throughout the academic year.

Albion College
Parents protest against Albion College’s mandatory use of contact tracing app Leroy Evans/Unsplash

Unlike other universities that switched to online schooling, Albion is only allowing classroom instruction. Meanwhile, classes would be smaller and the semester would end earlier than December, just in time for Thanksgiving.

Albion College President Dr. Mathew Johnson said the school "chose to take the tact of investing in our community," safety, good health practices as well as training and education of faculty, staff, and students," instead of completely going online.

However, the school is currently under fire as the app would invade students' privacy. The school's policy for mandatory use of the app triggered privacy concerns and parents started a petition to make the app optional for the students.

Parent's Petition to Make staying on campus and Aura app optional for students optional at Albion College
screenshot of the Change.Org petition Change.Org

Currently, downloading and installing the app is now a requirement for admission, and failure to do so will result for a one-year suspension. Students will also face the risk of suspension or being kicked out if they turn off their location and if they violate the policy, according to Daily Mail.

The Aura app will track students' locations within the school 24/7 and alert the school authorities when they went out of the premises. They are only allowed to visit certain premises included in the list given to students, all within the five-mile radius. The app also alert the school when a student tested positive for COVID-19 while those who came close to the student will be advised by its contact-tracing feature.

Parents question the app's constant access to students' locations as it invades students' privacy. However, the administration defended the app that it is necessary in tracking the spread of any exposure.

In an online Q&A, the school noted that the "a student's location data will be accessed is if they test positive" or if they did not follow proper procedure when they leave the campus.

Read also: Fauci Warns over 'COVID-19 and Flu Convergence', Calls for 'Universal Wearing of Masks' at Schools

Aura App: loopholes and vulnerabilities

While it is sounded reasonable, the policy has loopholes as the staff and professors are allowed to travel in and out of the campus. One student told Free Beacon that it does not make sense to him. "I feel like I am being treated like a five-year-old that cannot be trusted to follow rules," Andrew Arszulowicz said.

Albion said in an online Q&A that the "only time a student's location data will be accessed is if they test positive or if they leave campus without following proper procedure." But the school has not said how it will ensure that student location data is not improperly accessed, or who has access.

Worse, at least two security vulnerabilities are found after the app was launched. The first one allows access to the app's back-end servers while the other provides access to a student's COVID-19 test results.

An Albion student dug dip into the app to find how it works and posted her findings on Twitter. Twitter user @Q3w3e3 said she found hardcoded keys for the app's backend servers, hosted on Amazon Web Services.

"These keys in the app exposes..... New Case info... testing info... and medical insurance info," she added pleading the school admin to reconsider the app's use.

She has reported her findings to the developer, but Nucleus did not return her messages.

Read also: Alberta's COVID-19 Contact-Tracing App Poses Security Risk on Apple Devices, Warns Privacy Commissioner

This is owned by Tech TImes.

Written by CJ Robles

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics