It’s no secret that countries have rushed out contact tracing apps in response to the sweeping effects of the pandemic. As such, not everyone has developed their app(s) with user privacy in mind, let alone have time to work out any security issues.
Not sure whether your government or local app developers have provided a safe experience? Well, ProPrivacy provides an in-depth look at the state of contact tracing around the globe, so that should be your first stop.
If you look up your country, you may find a summary of:
- The tracking technology used by your local contact tracing apps, as well as the privacy framework they’re built on (if applicable)
- What personal data it collects (if any, as Bluetooth-only solutions don’t collect any personally identifiable info)
- Who can access your data
- Where that data is stored
Read on for what all of this information means for your privacy and data security. But first, a look at whether digital contact tracing actually keeps the pandemic at bay.
Where Contact Tracing Apps Show Promise
South Korea has proven that digital contact tracing can be effective. Of course, most of the credit should go towards the Immediate Response Teams that worked with the data gathered by the app. Although South Korea was once the second worst hit by Covid-19, the country has managed to avoid the crippling lockdowns seen around the world.
Elsewhere, governments are saying that digital contact tracing is not meant to be a replacement for traditional methods, but a helpful addition. Germany’s stance in particular is that they’d use “every tool available” to combat the spread of the pandemic.
Data privacy is an issue where contact tracing apps don’t follow a decentralized model (using Bluetooth or similar tech). If you take a look at ProPrivacy’s list of apps from around the world, many of them collect way more data than necessary – including location and financial data.
Perhaps the most absurd and intrusive use of contact tracing app location data was in Bahrain. Users were automatically signed up for a game show where users could win money if they were found obeying lockdown rules, as a way to “incentivize app usage.” While it is possible to opt out, the app still attracted criticism from human rights organizations for other privacy issues.
There are, of course, a couple of countries that are doing it right. Switzerland and Germany’s apps in particular were highly rated on the ProPrivacy index (with scores of 10 and 9, respectively). The US-based apps “Covid Watch” and “Novid” didn’t do too badly, either – with a score of 8 each.
Are Contact Tracing Apps Safe from Cyber Attacks?
Cybersecurity experts have discovered several security flaws in the NHS contact tracing app. One of them could allow hackers to block Covid-19 alerts or send out fake ones, causing more unnecessary chaos. Additionally, experts warn of the potential for the app to be turned into a surveillance system after the virus has been dealt with.
This problem is not limited to the UK, of course. Multiple governments around the world are now trying to fix glaring security holes in the apps they’ve rushed out. Not even Bluetooth-based contact tracing solutions are spared, even though they collect no personal data. One issue app users will face is the risk of man-in-the-middle attacks. To be fair, hackers will find it difficult to pull off without you noticing, since the range of Bluetooth is only around ten meters. In the end, it seems contact tracing apps still have a ways to go before they can be considered safe.