"Australia's coronavirus tracing app, dubbed COVIDSafe, has been released as the nation seeks to contain the spread of the deadly pandemic," reports ABC.net.au: People who download the app will be asked to supply a name, which can be a pseudonym, their age range, a mobile number and post code. Those who download the software will be notified if they have contact with another user who tests positive for coronavirus... Using Bluetooth technology, the app "pings" or exchanges a "digital handshake" with another user when they come within 1.5 metres of each other, and then logs this contact and encrypts it.

The data remains encrypted on a user's phone for 21 days, after which it is deleted if they have not been in contact with a confirmed case. The application will have two stages of consent that people will have to agree to: initially when they download the app so data can be collected, and secondly to release that data on their phone if they are diagnosed with the virus. If a person with the app tested positive to COVID-19, and provided they consent to sharing the information, it will be sent to a central server. From here, state and territory health authorities can access it and start contacting other people who might have contracted coronavirus...

The app is voluntary and it will be illegal to force anyone to download it.
In addition, Australia "will make it illegal for non-health officials to access data collected on smartphone software to trace the spread of the coronavirus," reports Reuters, citing comments Friday by Prime Minister Scott Morrison "amid privacy concerns raised by the measure." Australia has so far avoided the high death toll of other countries, with only 78 deaths, largely as a result of tough restrictions on movement that have brought public life to a standstill. The federal government has said existing "social distancing" measures will remain until at least mid-May, and that its willingness to relax them will depend on whether people download the smartphone "app" to identify who a person with the illness has had contact with...

Morrison also confirmed a local media report which said the data would be stored on servers managed by AWS, a unit of U.S. internet giant Amazon.com Inc, but added that "it's a nationally encrypted data store".
"The spec for it is very privacy-positive," writes Slashdot reader Bleve97, adding "It will be interesting to see what it looks like once it's been disassembled in a sandbox and played with!"

And Slashdot reader betsuin has already installed it (adding that the app "does not require GPS... I've installed, GPS is off on my rooted device."

Reuters reports: Google and Apple have sought to build public trust by emphasizing that the changes they are making to Bluetooth to allow the tracing apps to work will not tap phones' GPS sensors, which privacy activists see as too intrusive. But the states pioneering the apps -- North and South Dakota, and Utah -- say allowing public health authorities to use GPS in tandem with Bluetooth is key to making the system viable...

Apple and Google said on Friday that they still have not decided how to proceed. "I would encourage them to go for the 'and' and not the 'or' solution," North Dakota Governor Doug Burgum said of Apple and Google in an interview late Thursday. "During this new normal, there is a place for having solutions that protect privacy and enable more efficient contact tracing," said Burgum... "What Utah wanted to understand is not just who is spreading [the virus] to whom but also location zones," said Jared Allgood, chief strategy officer for Twenty, the startup which developed Utah's app for an initial $1.75 million. GPS location data allows authorities to decide which businesses may need to be closed because the virus is spreading there, and prioritize which contacts of diagnosed patients to test...

Anonymized GPS location data is already playing a key role in an early version of Care19, an app that about 40,000 people have signed up for in North and South Dakota. Authorities currently ask Care19 users to give them permission for timestamped GPS location data, which allows officials to manually call places where users could have spread the virus and ask for names and numbers of others who may have been there at the same time.
North Dakota's governor suggests that not everyone is concerned about sharing their GPS data. "Some people are completely opposed to an intrusion on privacy," he told Reuters, "but there's a younger generation sharing their location on dozens of apps. There may be a set of people highly social, young and going out to bars who may see this tool as fantastic."

And Yahoo News reports another concern about contact tracing. "Some argue the information should be pushed out to a central server managed by a trustworthy government or health care entity, while others insist that data remain on individual devices."

An anonymous reader quotes a report from The Verge: On Friday, Apple and Google revised their ambitious automatic contact-tracing proposal, just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback both companies had received about the specifications and how they might be improved. The companies also released a "Frequently Asked Questions" page, which rehashes much of the information already made public. On a call accompanying the announcement, representatives from each company pledged for the first time to disable the service after the outbreak had been sufficiently contained. Such a decision would have to be made on a region-by-region basis, and it's unclear how public health authorities would reach such a determination. However, the engineers stated definitively that the APIs were not intended to be maintained indefinitely.

Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user's private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. As part of the change, the daily key is now referred to as the "temporary tracing key," and the long-term tracing key included in the original specification is no longer present. The new encryption specification also establishes specific protections around the metadata associated with the system's Bluetooth transmissions. Along with the random codes, devices will also broadcast their base power level (used in calculating proximity) and which version of the tool they are running. The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact-tracing system, it is now referred to as an "exposure notification" system. The companies say the name change reflects that the new system should be "in service of broader contact tracing efforts by public health authorities."

An anonymous reader quotes a report from The New York Times: The alarming messages came fast and furious in mid-March, popping up on the cellphone screens and social media feeds of millions of Americans grappling with the onset of the coronavirus pandemic. Spread the word, the messages said: The Trump administration was about to lock down the entire country. "They will announce this as soon as they have troops in place to help prevent looters and rioters," warned one of the messages, which cited a source in the Department of Homeland Security. "He said he got the call last night and was told to pack and be prepared for the call today with his dispatch orders." The messages became so widespread over 48 hours that the White House's National Security Council issued an announcement via Twitter that they were "FAKE."

Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are alarming to officials because the disinformation showed up as texts on many Americans' cellphones, a tactic that several of the officials said they had not seen before. [...] Two American officials stressed they did not believe Chinese operatives created the lockdown messages, but rather amplified existing ones. Those efforts enabled the messages to catch the attention of enough people that they then spread on their own, with little need for further work by foreign agents. The messages appeared to gain significant traction on Facebook as they were also proliferating through texts, according to an analysis by The New York Times. "American officials said the operatives had adopted some of the techniques mastered by Russia-backed trolls, such as creating fake social media accounts to push messages to sympathetic Americans, who in turn unwittingly help spread them," the report adds.

"American intelligence officers are also examining whether spies in China's diplomatic missions in the United States helped spread the fake lockdown messages, a senior American official said. [...] And the apparent aim of spreading the fake lockdown messages last month is consistent with a type of disinformation favored by Russian actors -- namely sowing chaos and undermining confidence among Americans in the U.S. government."

Rei writes: A paper recently published by The American Society of Tropical Medicine and Hygiene adds further support to recent CDC guidelines for minimizing the use of invasive ventilators. As physicians had been voicing concern that doctors were being too eager to put patients on invasive ventilation and may be doing more harm than good, the investigators looked into outcomes of intubated patients vs. non-intubated patients experiencing hypoxia. Unlike with other forms of pneumonia, they found that COVID-19 patients were unusually damaged by invasive ventilation but also able to tolerate higher levels of anoxia -- to the point that one doctor recalls having to tell patients to get off their cellphones so that they could be intubated. The recommendation is that guidelines be adjusted to discourage invasive ventilation unless a patient is physically struggling to breathe, rather than relying strictly on oxygen levels; otherwise, the use of non-invasive ventilation, such as CPAP and BiPAP, should be encouraged. When invasive ventilation is used, oxygen levels should be minimized in order to reduce the risk of damaging healthy tissue.

An anonymous reader quotes a report from 9to5Google: Motorola hasn't had a true flagship on the market in a few years after its Moto Z line was downgraded to mid-range status. Today, though, the company has officially unveiled the Motorola Edge and Edge+ with the Snapdragon 865, crazy cameras, and more. Here's what you need to know. The Motorola Edge+ is the true flagship of the two, offering a Snapdragon 865 processor, 12GB of RAM, 256GB of storage, and a 6.7-inch FHD AMOLED display that has a "waterfall" curve on either side, a hole-punch containing the 24MP selfie shooter, and a 90Hz refresh rate. The Motorola Edge+ also features wireless charging, 18W wired charging, and a triple camera system. There's a 108MP sensor to headline that array, but also a 16MP ultrawide shooter and 8MP telephoto lens. There's also a 5,000 mAh battery to ensure plenty of power. It even offers reverse wireless charging.

What about the regular Motorola Edge? That device makes pretty smart cuts to keep a lower price. It has the same display and overall design but uses a Snapdragon 765 to keep 5G and good performance. It's paired with Android 10 and either 4GB or 6GB of RAM and 128GB of storage on all models. There's also a 64MP camera backed up by the same 16MP ultrawide and 8MP telephoto shooters. The regular Edge does lose wireless charging, though for its 4,500 mAh battery. Here's one fun part of both of these phones. They still have headphone jacks. Both the Edge and Edge+ also feature 5G support (only sub-6 for the Edge), offer red or black colors, and use their curved displays for a few neat software tricks. Both are also promised at least one major Android upgrade, too. As for pricing, the Motorola Edge+ will be available exclusively via Verizon for $1,000, or $41.66/month. The price of the regular Edge hasn't been announced yet, but it should be considerably cheaper and more broadly available.

An anonymous reader quotes a report from Ars Technica: As many as a billion mobile phone owners around the world will be unable to use the smartphone-based system proposed by Apple and Google to track whether they have come into contact with people infected with the coronavirus, industry researchers estimate. The figure includes many poorer and older people -- who are also among the most vulnerable to COVID-19 -- demonstrating a "digital divide" within a system that the two tech firms have designed to reach the largest possible number of people while also protecting individuals' privacy.

The particular kind of Bluetooth "low energy" chips that are used to detect proximity between devices without running down the phone's battery are absent from a quarter of smartphones in active use globally today, according to analysts at Counterpoint Research. A further 1.5 billion people still use basic or "feature" phones that do not run iOS or Android at all. "In all, close to 2 billion [mobile users] will not be benefiting from this initiative globally," said Neil Shah, analyst at Counterpoint. "And most of these users with the incompatible devices hail from the lower-income segment or from the senior segment which actually are more vulnerable to the virus." Ben Wood, analyst at CCS Insight, estimates that only around two-thirds of adults would have a compatible phone. "And that's the UK, which is an extremely advanced smartphone market," he said. "In India, you could have 60-70 percent of the population that is ruled out immediately."

The report adds: "Counterpoint Research is more optimistic, estimating that 88 percent compatibility in developed markets such as the US, UK, and Japan, while about half of people in India would own the necessary handset."

Huawei was recently caught passing off photos taken with a DSLR as ones shot with one of its phones. PhoneDog reports: Earlier this month, Huawei kicked off a contest for its Next Image community, and a video on Weibo included several high-quality photos and at the end said they were "taken with Huawei smartphones." As South China Morning Post notes, though, Weibo user Jamie-hua found that some of those photos were actually taken with a $3,500 Nikon D850 DSLR camera. The photos were found on 500px, an online photography site, and were taken by photographer Su Tie.

Huawei has since apologized and said that the photos were incorrectly marked due to "an oversight by the editor." The company has also updated its original promo video for the contest to remove the claim that the images were taken with Huawei phones. This isn't the first time something like this has happened to Huawei. In 2018, an ad appeared to show that a selfie was taken with the Huawei Nova 3, but it was actually snapped with a DSLR.

SecurityWeek editor wiredmikey shares new that Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) "have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords."

Security Week reports: The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of secure internet communications). It is the opportunity provided by the modern smartphone with biometric user access, enough memory and power, and a secure enclave to store the private keys of a self-certificate that never leaves the device that is new. The biometric access ties the phone to its user, and the Beyond Identity certificate authenticates the device/user to the service provider, whether that's a bank or a corporate network...

"When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn't yet exist to extend the chain all the way to the end user," commented Jermoluk. "Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport (TLS) used by millions of websites in secure communications today...."

With no passwords, the primary cause of data breaches (either to steal passwords or by using stolen passwords) is gone. It removes all friction from the access process, takes the password reset load off the help desk, and can form the basis of a zero-trust model where identity is the perimeter.
Though they're first focusing on the corporate market, their solution should be available to consumers by the end of 2020, the article reports, which speculates that the possibility of pre-also installing the solution on devices "is not out of the question."

Samsung is launching a more budget-friendly version of the Galaxy S10, called the Galaxy S10 Lite. According to The Verge, it'll be available in the U.S. starting tomorrow for $650. The Verge reports: The Galaxy S10 Lite is a budget version of the Galaxy S10 flagship, and it has a 6.7-inch Super AMOLED Infinity-O display at 2400 x 1080 resolution, a Snapdragon 855 processor, and a triple-lens rear camera setup with a 5-megapixel f/2.4 macro lens; a 48-megapixel F2.0 wide-angle lens with "Super Steady OIS;" and a 12-megapixel f/2.2 ultra-wide with a 123-degree angle lens. The company also announced the Galaxy Tab S6 Lite that'll be available in Q2 2020 with a starting price of $349. "The Galaxy Tab S6 Lite has a 10.4-inch screen, an S Pen that can snap to the tablet's body via magnets, an 8-megapixel rear camera lens, a 5-megapixel front camera lens, and a headphone jack," reports The Verge. "You'll also be able to buy an LTE version of the tablet."

An anonymous reader quotes a report from Ars Technica: Huawei is still using components made by U.S. companies in its newest flagship smartphone, a Financial Times teardown has found, despite the U.S. all but blacklisting the Chinese telecoms equipment manufacturer. The teardown was done by XYZone, a Shenzhen-based company that disassembles smartphones and identifies the suppliers of their components. The biggest surprise was that some parts from U.S. companies were still ending up in the newest Huawei smartphone, despite the U.S. all but banning its companies from selling to the Chinese tech company.

The P40's radio-frequency front-end modules were, according to XYZone's teardown analysis, produced by Qualcomm, Skyworks, and Qorvo, three U.S. chip companies. RF front-end modules are critical parts of the phone that are attached to the antennas and required to make calls and connect to the Internet. The Qualcomm component is covered by a license from the U.S. Commerce Department, according to a person familiar with the company. [...] The "Entity List" designation means that U.S. companies have to apply for a license to export any U.S.-origin technologies to Huawei. The U.S. government has granted a "temporary general license" to its companies, allowing them to sell to Huawei to service existing products -- helping clients such as telecoms carriers that may need to replace parts of their wireless equipment. But the general license does not cover sales for the purpose of making new products, such as the P40 smartphone. For that, companies must seek individual licenses, and the Department of Commerce has not said which ones it has granted them to. A spokesperson for Huawei said the company has "always complied with any export control regulations of various countries, including the United States" and that "all the product materials are obtained legally from our global partners, and we insist on working with our partners to provide consumers with high quality products and services."

Also missing from the P40 are parts from U.S. chipmaker Micron. "Micron made the storage devices called NAND flash memory chips for some batches of last year's P30 smartphone, and South Korea's Samsung made the same chips for other batches," reports Ars. "The FT's copy of this year's P40 Pro appears to have only Samsung NAND flash memory chips."

LG is ditching the "G" series branding on future smartphones. The company released the LG Optimus G1 Pro in 2013 and went on to release a new "G" series flagship smartphone every year since, with the most recent being the LG G8X ThinQ. 9to5Google reports: The Korea Herald and Naver have reported over the weekend that LG has decided to stop using the G series branding on future smartphones. Instead, LG would use separate names for each smartphone model with the names "focused on each model's design or special feature." Apparently, a goal for LG is to bring back the success of its "Chocolate" phones from the 2000s. Those devices had a different name for every model focusing on a specific design or software feature. Apparently, this change would take effect starting with the device we previously knew as the "LG G9 ThinQ." It's unclear what that device will be called at this point, but the device is rumored to be less of a flagship, using Qualcomm's Snapdragon 765 instead of the more powerful Snapdragon 865. While this branding decision was reportedly made public in Korea, LG's PR isn't confirming it globally yet.

An anonymous reader quotes the Wall Street Journal: Government officials across the U.S. are using location data from millions of cellphones in a bid to better understand the movements of Americans during the coronavirus pandemic and how they may be affecting the spread of the disease...

The data comes from the mobile advertising industry rather than cellphone carriers. The aim is to create a portal for federal, state and local officials that contains geolocation data in what could be as many as 500 cities across the U.S., one of the people said, to help plan the epidemic response... It shows which retail establishments, parks and other public spaces are still drawing crowds that could risk accelerating the transmission of the virus, according to people familiar with the matter... The data can also reveal general levels of compliance with stay-at-home or shelter-in-place orders, according to experts inside and outside government, and help measure the pandemic's economic impact by revealing the drop-off in retail customers at stores, decreases in automobile miles driven and other economic metrics.

The CDC has started to get analyses based on location data through through an ad hoc coalition of tech companies and data providers — all working in conjunction with the White House and others in government, people said.

The CDC and the White House didn't respond to requests for comment.
It's the cellphone carriers turning over pandemic-fighting data in Germany, Austria, Spain, Belgium, the U.K., according to the article, while Israel mapped infections using its intelligence agencies' antiterrorism phone-tracking. But so far in the U.S., "the data being used has largely been drawn from the advertising industry.

"The mobile marketing industry has billions of geographic data points on hundreds of millions of U.S. cell mobile devices..."

ZDNet reports that Singapore is fighting the coronavirus with a new smartphone app named "TraceTogether". The app is able to estimate the distance between TraceTogether smartphones as well as the duration of such interactions. The data then is captured, encrypted, and stored locally on the user's phone for 21 days, which spans the incubation period of the virus. When needed in contact tracing, users will have to authorise the uploading of their TraceTogether data to Singapore's Ministry of Health, which then will assess the information and retrieve the mobile numbers of close contacts within that period of time.

Developed by Government Technology Agency (GovTech), alongside the health ministry, the app was designed to help speed up the contact tracing process and stem the spread of COVID-19, the government IT office said. GovTech said the current processed depended heavily on the memory of patients, who might not be ale to remember all close contacts or have the contact details and information of these individuals. The mobile app can plug the gaps and more quickly identify potential carriers, who then can monitor their health and take the necessary action sooner...

Data logs were stored locally on the mobile phone and contained only cryptographically generated temporary IDs. The data logs would be extracted only when needed by the authorities for contact tracing, it said.

Longtime Slashdot reader dbart writes: With the near ubiquitous use of smartphones in America, it's sensible to seize upon this resource to help with the coronavirus pandemic. Here's my take on a way to use smartphones to deal with the pandemic:

America does not currently have a good coronavirus test -- but they are in development. Once a test is available there should be a smartphone app ready to deploy immediately. The app should work like this: A person would be tested for the virus at a testing station and the results of the test would be entered into the app's database. The person could then go about their business, such as going back to work. Upon arriving at the place of work, the person would bring up the app on their smartphone. The app would display some information to identify the subject that was tested along with a barcode. The employer would then scan in the barcode with the app on the employer's phone which will check with the central database and report back the results of their coronavirus test and the recency of the test. The employer would decide whether to allow the person into the workplace. This could similarly be used to safely allow entry to a restaurant, airplane, theater, sporting event, etc. -- thus getting the economy functioning again.

I've only presented a rough sketch of my idea about this above and there's many nuances to how this should work. It's obvious that everyone should be tested frequently for this to be effective. This would require testing on a massive scale, but considering the damage happening to the American economy, such massive testing could easily be justified. A capability as described above would get the American economy restarted at the soonest possible time and would allow society to function until a vaccine is available. It would also be a very valuable asset to epidemiological investigators. If an app was designed with enough forethought it could be deployed internationally. I'm hoping to get not just a Slashdot conversation but a larger conversation started about the use of technology to defeat this virus. Perhaps there's a Slashdotter with the skillsets to make this happen who would like to take this on. If anyone has a contact at the CDC please forward this post to them to insure that technological solutions such as this are being considered.

HMD Global today unveiled its latest Nokia-branded mobile phones. "The Nokia 8.3 5G is the world's first global 5G phone, which means it supports bands in every country in which 5G is currently deployed," reports Android Police. "At the same time, the Nokia 5.3, 1.3, and a new roaming data plan from HMD also made their debut." From the report: Powered by the Qualcomm Snapdragon 765G mobile platform, the Nokia 8.3 5G promised a future-proofed experience as it supports more 5G bands across the entire range (NSA/SA/DSS) than any handset currently on the market. It features a 6.8-inch FHD+ (2400x1080p) display with a hole-punch cutout for the 24MP selfie camera, but it's a shame to see the Nokia logo plastered on the chin. On the rear, there are four cameras including a 64MP main sensor with Zeiss optics complemented by a 12MP ultra-wide lens, plus 2MP depth and macro sensors. The fingerprint scanner lies within the power button on the side, while a USB-C port, 3.5mm headphone jack, and dedicated Google Assistant button are all onboard. Battery capacity is rated at 4,500mAh, and NFC is also included for mobile payments. The Nokia 8.3 5G starts at just 599 euros ($640) for the 6/64GB model, with an 8/128GB variant also available for 649 euros ($649) -- it'll go on sale in the summer. [The U.S. launch hasn't been announced yet, but the 8.3 is coming to Europe in summer 2020.]

Misleading text messages claiming that President Trump was going to announce a national quarantine buzzed into cellphones across the country over the weekend, underscoring how rapidly false claims are spreading -- and how often it is happening beyond the familiar misinformation vehicles of Facebook and Twitter. From a report: The false texts spread so widely that on Sunday night the White House's National Security Council, fearing the texts were an attempt to spook the stock market as it opened Monday, decided to directly debunk the misleading claims in a Twitter post: "Text message rumors of a national #quarantine are FAKE. There is no national lockdown." But by then the messages already had spread widely, as had similar ones both in the United States and Europe in recent days. Text messages, encrypted communication apps such as WhatsApp and some social media platforms have carried similarly alarming misinformation, much of it with the apparent goal of spurring people to overrun stores to buy basic items ahead of a new wave of government restrictions.

The one claiming that Trump was going to impose a national quarantine included the advice: "Stock up on whatever you guys need to make sure you have a two week supply of everything. Please forward to your network." In fact, authorities have warned against aggressive buying that could disrupt supply chains and fuel panic. Trump addressed the misleading text messages at an afternoon news conference Monday, saying, "It could be that you have some foreign groups that are playing games." On the possibility of a national quarantine, Trump said: "We haven't determined to do that at all. ... Hopefully we won't have to."

Long-time Slashdot reader smooth wombat quotes CNN: Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 millionâ¦

"I was at home at my desk and I noticed a notification on my iPhone for a withdrawal request from one of my financial institutions, and I thought, 'That's weird. I didn't make a withdrawal request,'" Ross recalled. "Then I looked back at my phone and I saw that I had no service...."

Ross was the victim of a SIM hack, an attack that occurs when hackers take over a victim's phone number by transferring it to a SIM card they control. By taking over his cellphone number, a hacker was able to gain access to his email address and ultimately his life-savings, Ross said in an interview with CNN Business...

An arrest was made in Ross' case, and the suspect has pleaded not guilty... He is suing AT&T for what he alleges was a failure by the company to protect his "sensitive and confidential account data" that resulted in "massive violations" of his privacy and "the theft of more than $1 million," according to the lawsuit.

According to a report from The Information, Huawei expects to see a 20% drop in sales of its Android smartphones during 2020, thanks largely to U.S. government restrictions on Huawei's access to American technology, including Google software. 9to5Google reports: "Huawei's overseas smartphone sales didn't collapse last year in part because the company could keep selling some of its old models that the Google ban didn't affect," reports The Information. "But this year, Huawei expects its shipments to fall to around 190 million to 200 million smartphones, according to these people." The 240 million figure in 2019 was thanks largely in part to the timing of the U.S. ban. Huawei's extremely popular P30 and P30 Pro smartphones still shipped with Google apps in most regions and, because they were launched before the ban took place, Huawei was able to continue updating the devices, even launching a slightly revamped variant to boost sales. This year will certainly be bleaker as Huawei won't be able to support Google apps on its P40 series, set to launch later this month. Other factors such as the coronavirus outbreak could only further have an impact on Huawei's sales this year.

JustAnotherOldGuy shares a tale for our time: "I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime," said Zachary McCoy. Yep, that's all it took. Google's legal investigations support team emailed him to let him know that local police had demanded information related to his Google account. The man's lawyer dug around and learned that the notice had been prompted by a "geofence warrant," a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users' GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby.
NBC News reports: An avid biker, he used an exercise-tracking app, RunKeeper, to record his rides. The app relied on his phone's location services, which fed his movements to Google. He looked up his route on the day of the March 29, 2019, burglary and saw that he had passed the victim's house three times within an hour, part of his frequent loops through his neighborhood, he said. "It was a nightmare scenario," McCoy recalled. "I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect.
McCoy's lawyer "pointed to an Arizona case in which a man was mistakenly arrested and jailed for murder largely based on Google data received from a geofence warrant. McCoy said he may have ended up in a similar spot if his parents hadn't given him several thousand dollars to hire Kenyon."

"I didn't realize that by having location services on that Google was also keeping a log of where I was going," McCoy said. "I'm sure it's in their terms of service but I never read through those walls of text, and I don't think most people do either...."

The article also notes a Google filing last year reporting that the requests from state and federal law enforcement authorities incrased by more than 1,500 percent from 2017 to 2018, and then again by 500 percent from 2018 to 2019.