Coronavirus outbreak: Are contact tracing apps causing more issues?
When pandemics before COVID-19 swept through the world, prevention methods were much more limited than they are now. Due to rapid technological advances, health experts have been rushing to find more creative solutions to stop the spread of the highly infectious COVID-19.
In order to track coronavirus cases, public health experts have come up with novel contact tracing apps which have been launched in countries all over the world. These apps have a significant role during the pandemic because they help determine who might have been exposed to COVID-19 and in turn who should be tested and isolated.
However – like many apps – these contact tracing apps have the potential to collect personal information about the user which exposes your movements, activities, & relationships. While the apps were designed with COVID-19 prevention strategies in mind, they present alternate risks to the population.
Defcon discoveries
Defcon is the world’s largest underground hacking conference which took place online last week. Like one could imagine, COVID-19 contact tracing apps were a significant focus. Two Defcon presentations found that contact tracing apps failed to protect user privacy. Their findings affirmed that the apps collect unneeded information.
Government apps that seek extraneous data should signal alarm bells. Eivind Arvesen, a security researcher from Norway, presented at Defcon and prodded countries to consider their true objective. He emphasized that they should be asking themselves, “How little data can I get away with to try to solve this concrete issue, and no more?”
Arvesen used Norway’s now-defunct contact tracing app as an example. He was on the team that helped review the app for government funded third-party audits. Arvesan found that Norway’s app gathered the user’s location data and gave them an identification code.
While this information sounds like the necessary data, privacy experts say that location data & user idefinitiers should be avoided in order to make it harder for people to abuse the data. In fact – where two people come in contact isn’t essential knowledge at all. What matters is that they met.
Due to privacy concerns from reviewers like Arvesen & Norway’s Data Protection Authority, the app was investigated and quickly terminated. The app failed to adequately explain the purpose of its data collection and even stored data regarding those who were not COVID-19 positive. While some believe this information gathering justified during this crisis, others worry that the data violation threat is too alarming.
Widespread data collection
The United States has at least a dozen COVID-19 apps with over 100 thousand downloads. But these data-hungry apps are widespread. Creators of the app COVID-19 App Tracker reported that after scanning 136 apps globally, most call for users to permis information tracking that they don’t actually need.
In fact, three quarters of them asked for location data. Even apps that simply track COVID-19 symptoms have asked users for their location information. Unknowing users may blindly allow this information to be shared despite how irrelevant it is to the app’s purpose.
The data collection has a wide range of sources. App developers & policymakers come from different countries which exposes citizens to varying levels of surveillance & transparency. When these apps are compared globally it’s clear that there is no unified system. Some apps are produced by small groups of coders while others come from big teams from Apple & Google.
Tracking the tracing
Megan DeBlois, a creator of COVID-19 App Tracker, formed a team (all volunteers) bent on evaluating the governmental COVID apps that are made available to the public in places like the Google Play store. DeBlois’s app will push for government transparency – hopefully letting the code be open-source so privacy researchers can identify blaring issues with user security.
MIT Technology Review also reports that they are creating a “Covid Tracing Tracker” which is, “a database to capture details of every significant automated contact tracing effort around the world.” Similarly concerned about the vast number of potentially threatening app services flooding in, MIT worries about what the government could do with the information gathered.
The expansive database that is recording the potentially invasive Covid tracing apps asks if the app is voluntary, if there are data-limitations, when the data will be destroyed, as well as how transparent & minimized governmental data collection is. Before users rush into downloading these apps, it’s essential to analyze these many potentially invasive aspects of its data collection.
—
Do you trust COVID-19 Tracing apps? Let us know what you think.