4 critical issues surrounding contact-tracing apps

As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.

COVID-19 contact tracing app
Leo Patrizi / Getty Images

Researchers, governments and tech companies around the world are racing to create  mobile apps to track coronavirus exposure. Potentially dozens of these contact-tracing apps are under development or being debated across the countries of the world.

These apps typically follow either a centralized or decentralized approach, roughly corresponding to the level of government control over the apps and the different kinds of technology deployed on mobile phones.

Decentralized apps are best known by the joint Google and Apple API (sometimes referred to as “Gapple”) under development in the US, which will allow health agencies to develop their own apps. Another prominent model for decentralization is the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, which European countries including Germany, Austria, Switzerland, Lithuania, Estonia, Finland and Ireland are developing.

The centralized apps are best illustrated by the UK’s contact-tracing app developed by the National Health Services (NHS) technology group NHSX (although a recent report says the UK is considering using the Apple-Google model). Australia’s COVIDSafe app was modeled on a similar approach in Singapore. China, which has required citizens to use location and health status tracking apps since February, stands out as a dominant example of centralized app use. Another centralized example is Israel, which used its state intelligence service’s phone tracking technology, usually reserved for tracking terrorists, to trace Israelis diagnosed with COVID-19.

Neither approach is inherently good or bad, although the centralized approach, which typically puts the app’s development and control in the hands of a central government, gets lower marks from a privacy and security perspective than the decentralized approach. “Centralized approaches give authorities access to valuable data for risk modeling and analysis, in order to help them understand how the virus appears to be spreading,” Future of Privacy Forum Counsel Polly Sanderson tells CSO.

To continue reading this article register now

The 10 most powerful cybersecurity companies