With the world facing the Covid-19 upheaval, mobile app development companies have come up with contact tracing apps. What do these apps do? The contact tracing apps have got deployed in various countries as a way to stop the spread of this deadly virus. How exactly? These apps operate by recognizing people who’ve tested COVID positive, pushing them to share the information, locating users with whom they had close contact with during the virus, and then letting them know.
However, there is a debate circulating around these apps. To be completely capable, they have to track and monitor the precise locations of its users. But such a monitoring system can pose a danger to users’ privacy, more so if the information falls under people with malicious intentions. Check Point Research, a cyberthreat intelligence provider, posted a blog that portrays the struggles and dangers faced by these apps and provides some tips to its users.
These apps operate by sensing the vicinity of one user with another. To locate a person’s location, such apps deploy either GPS or Bluetooth, notably Bluetooth Low Energy (BLE). With BLE, the person’s smartphone periodically broadcasts data with a unique ID. With GPS, the accurate location of the person is constantly logged.
The contact tracing process has some of the following procedure to follow:
1. Register the connection between gadgets when they are in close vicinity.
When users use the same contact tracing app and are closeness to one another, that data is registered with the app,
If any person turns out to be positive for the virus, the person is supposed to give that information via the app, or a few times, the app automatically shares the data without the person’s awareness.
2. When a user gets infected, upload contact information to the app backend.
The app then sends notifications to the users who were in closeness with the infected person.
3. App notifies every person in closeness with the infected.
Although this process sounds simple and feasible, it is not as easy to practice in the real world. To make it work effectively, it has to be installed and registered by many people. Moreover, the infected user has to inform them about their positive status willingly, or else the pattern gets disrupted, and the process ceases to work. However, the act of being observed and reporting your status raised the privacy questions and possible abuse.
Check Point Research questioned such apps—
- What information gets gathered, how and where it gets recorded, and how it gets disseminated?
- Is the information secured?
- Are authorization & verification techniques used to safeguard against the misuse?
- Considering the data given such as phone number, name, and ID is the identity kept anonymous?
- Whether or not the user information gets shared with user consent and awareness?
The approach used by contact tracing apps also puts in the questions of effectiveness vs. privacy.
Apps Posing Risks & Concerning Issues.
GPS location tracking used by these apps can help save and records an index of the person’s ongoing locations & timestamps. The data can help trace the virus spread within a particular geography. But GPS tracking can also misuse the user’s privacy by disclosing their locations and travel history over a long period. The following are the apps that use GPS— India’s Aarogya Setu, Cypress’ Cove Tracer, Israel’s Hamagen, to name a few.
Cybersecurity professionals and privacy advocates have critical questions on the functioning of the Aarogya Setu app. It gets claimed that this app invades civilians’ privacy since the government can use the app and the information to observe and regulate individuals. A well-known French ethical hacker alerted security risks in the app and leaked a few info gathered from the app over Twitter.
The BLE apps are considered more secure and private, as these apps don’t disclose the person’s identity. But, these apps are not much reliable because, without the use of GPS, they aren’t able to track the infection globally. A few instances are— Australia’s COVIDSafe, Singapore’s TraceTogether, and UK’s NHS COVID-19.
Learning from these countries, the Indian government made the app open-source a while ago, thus making it open for researchers, coders, developers, and hackers to search for some errors or loopholes in the app. The government has proposed a new scheme of awarding INR 100,000 by reporting any bugs in the app and thus helping them do better. However, the open-source code of the app only displays how the app communicates with the user revealing nothing on what is going on on the server-side. This poses extensive data privacy and security concerns.
Despite privacy issues around the contact tracing apps, many nations are taking proper measures. Europe follows strict privacy norms in the world. Switzerland has introduced the world’s first contact tracing app designed on the API platform created by Google and Apple jointly. Moreover, the UK is also making attempts to develop an API-based app by Google and Apple. Other countries like Austria, Italy, Ireland, and Germany are also planning to launch such an app with Apple and Google API.
For people using contact tracing app, Check Point provided these two tips:
Install the apps from official stores only: Users should only download contact tracing apps from the official app stores. The reason being that various fake contact tracing apps have got detected during the pandemic.
Use mobile security solutions: Download a mobile security solution to examine apps and safeguard the device against malware, also verify that the gadget has not got compromised.
The world is battling against this deadly virus, and during these unusual times, it is highly crucial to fight the infection and win the battle. To defeat this virus, humanity needs to stand together and let these apps do their job. Overly emphasizing on privacy matters will impact the world severely. Government and tech companies are genuinely making complete efforts on their side to offer the best, thus keeping people’s interests in mind. Releasing the open-source code of apps by countries, is an initial step toward combating the Coronavirus.
Harnil Oza is CEO of Hyperlink InfoSystem, one of the leading app development companies in USA and India, having a team of the best app developers who deliver the best mobile solutions mainly on Android and iOS platforms. He regularly contributes his knowledge on leading blogging sites.