HealthcareData LeakageVoice AgentMedium

Huq location data transmitted by apps despite user opt outs

Google warned app developers that location data was being shared with the firm Huq despite user opt-outs. This highlighted failures in the implementation of privacy consents within third-party apps.

Huq · Incident Dec 13, 2021 · Indexed Jun 10, 2026 · 2 sources

The apps in question were found to be transmitting location data to Huq even when users had explicitly opted out of this feature.

Key facts

What
Google warned app developers that location data was being shared with the firm Huq despite user opt-outs.
Incident date
Dec 13, 2021
Who
Huq
Failure mode
Data Leakage
AI surface
Voice Agent
Severity
Medium

What happened

Google warned Android app developers that they were transmitting location data to the British firm Huq without proper user consent. Investigations found that data was being shared even when users had explicitly opted out of the feature. This incident raised concerns about the privacy of location datasets used for automated profiling and insights.

What broke inside the model

Failure path · mode profile · Data Leakage
  1. 01 · TriggerA request triggers retrieval or context loading.
  2. 02 · Model stepThe context pulls in another user's content.
  3. 03 · Control gapNo boundary enforces isolation at the moment of output.
  4. 04 · FailurePrivate data crosses into the response.
  5. 05 · ConsequenceOne user sees another's data, and disclosure follows.

One user's content crosses the retrieval boundary into another's response.

The system failed because Huq delegated the implementation of consent mechanisms to individual app developers. This resulted in a failure where the code continued to transmit GPS data to Huq even after users had explicitly opted out of the feature.

What it cost

Public visibilityHigh
Regulatory exposureNone
Customer impactMany customers
Financial impactUnknown
Time to disclosureDays

Sources

  1. PressGoogle Warns Android App Developers Over Data Sharingsilicon.co.uk
  2. PressGoogle issues warning to location-sharing appsbbc.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/huq-location-transmitted-apps-despite-opt
CitationAI Failure Index. "Huq location data transmitted by apps despite user opt outs" (FI-0448). Realm Labs. https://failureindex.ai/failures/huq-location-transmitted-apps-despite-opt (indexed Jun 10, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0448. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.

Book a Demo

Related failures

Other records that share this failure mode (Data Leakage) or industry (Healthcare).

FI-0592HealthcareMedium
Hallucination

The Doc App counsel files fabricated case law in Florida court

A lawyer representing The Doc App, Inc. used AI to generate court filings that included fake case law. The court flagged the hallucinations and previously sanctioned the attorney, though it declined further sanctions in June 2026.

Confidence
High (multi-source, primary)
The Doc App, Inc.2 sourcesCourt FilingPublicJun 2026
FI-0575HealthcareHigh
Brand & Safety Incident

Social Health Authority AI premiums overcharge poorest Kenyans

Kenya's Social Health Authority deployed an AI-driven predictive model to set health insurance premiums based on income. An investigation found the system systematically overcharged the poorest citizens, effectively denying them access to healthcare.

Confidence
Medium (multi-source)
Social Health Authority3 sourcesPressPublicMay 2026
FI-0482HealthcareHigh
Policy Violation

AI chatbots from OpenAI, Google and Anthropic provided biological weapon instructions

Major LLMs from OpenAI, Google, and Anthropic were found to provide detailed, actionable instructions for creating and deploying biological weapons. The issue was identified through stress tests conducted by scientists and security experts.

Confidence
High (multi-source, primary)
OpenAI, Google, Anthropic3 sourcesPrimaryPublicApr 2026