Google on Thursday said it has taken action against a company that sold the location data of Android users.
The company, called SafeGraph, had sold data sets to customers, which it obtained by having software developers embed SafeGraph's code in their apps. One of the company's clients was the US Centers for Disease Control, which gathered data as part of its response effort to the coronavirus pandemic, according to an investigation by Motherboard.
Google said it sent a 7-day warning in June to all apps working with SafeGraph. The apps were required to remove the code that helped collect data for SafeGraph, or they would face enforcement on the Google Play marketplace.
SafeGraph and the CDC didn't respond to requests for comment.
The news comes as lawmakers have criticized big tech companies over access to user data. Earlier this year, Sen. Ron Wyden, a Democrat from Oregon, introduced a bill with several other senators that would require law enforcement to get a court order before obtaining personal information from third-party brokers.
Google has also received blowback in the past for how it treats location data on its own apps. Last year the search giant was hit with a consumer fraud case by Arizona Attorney General Mark Brnovich. The lawsuit was filed in response to a 2018 investigation by the Associated Press, which scrutinized Google's location data practices on phones running Android, the company's mobile operating system. The news outlet reported that Google still tracks people's whereabouts even if they turn off a setting called Location History.
If that setting is paused, the company still tracks where users go, though the app won't record the places they've been in their Google Maps timelines, the report said. Users could, however, pause location tracking by turning off another setting, called Web and Apps Activity.