Skip to Content
© Sergiomonti | Dreamstime.com
Coronavirus

The serious privacy risk of coronavirus tracing apps

Contact tracing is said to be one of the most useful steps a population can take to slow the spread of COVID-19. The process is straightforward: Individuals who are infected report their confirmed case to health officials along with contact information of the people they may have exposed themselves to. This helps isolate outbreaks before they can grow.

And now, thanks to the joint efforts of Apple and Google, digital contact tracing is now possible with a new API built into Android and iPhone operating systems. Tap or click here for more details on how this new feature works.

Because digital contact tracing involves push alerts and location tracking, there are some understandable security concerns. Now that the option is available on numerous devices around the world, we’re finally getting an answer as to whether or not the process is worth the privacy risk. So far, the results don’t look all that good.

How is contact tracing working out around the world?

Beyond the initial setup process for COVID-19 exposure alerts on Android and iPhone, there haven’t been too many advancements in the U.S. for contact tracing apps. Some states like North Dakota produced apps in an initial wave of development, but the process has yet to be widely implemented.

But an absence in America doesn’t mean nobody is using the tools. In fact, several countries have already implemented digital contact tracing into their population’s smartphones. The results so far, however, are less than ideal.

Here’s what we’ve learned from countries that have already made contact tracing available to the masses:

  • Norway: This Nordic nation was the first country to widely adopt digital contact tracing among its population centers. Within two weeks, nearly 1 million Norweigian smartphones had a virus tracing app from local developers.

    Thankfully, Norway wasn’t hit particularly hard by the virus, but this had the side-effect of providing researchers with little to no data. Security concerns regarding Bluetooth data exchanges, location data and other privacy issues prompted the population to abandon the app. What’s more, some are concerned that citizens accepted these security risks at face value far too easily.
  • U.K.: A smartphone contact tracing app was also developed and released. This one was also abandoned due to privacy concerns and low adoption rates.
  • India: India’s contact tracing app had a security issue of a different kind: a vulnerability. This led to the leak of 77 million users’ location data — including precise coordinates.
  • U.S.: In a twist that could only happen in America, the state of North Dakota’s contact tracing app was found to be sharing location data with the app Foursquare. This “check-in” app feeds data to advertisers based on location that can help them pinpoint campaigns more effectively. And we thought this app was supposed to stop people from getting sick.

As you can see, security concerns and widespread adoption are the two biggest sticking points for making contact tracing apps mainstream. But at this point, based on the data we do have, do we even want to?

At the very least, the effort is creating some much-needed job opportunities for unemployed Americans — and no medical experience is required! Tap or click here to find out how you can get a job as a contact tracer.

The real risks of contact tracing apps

Because signing up for contact tracing is voluntary, the negative reception means it’s unlikely the system will be implemented on a wide scale. But if you do take a look at the issues brought up by privacy advocates, you could see a case to be made for restraint. Here are the most glaring issues with the system:

  • Bluetooth: The Apple/Google API supposedly makes exchanged Bluetooth data packets anonymous and encrypted. Unfortunately, this only applies to the API itself, and sloppy development on the part of app-makers could lead to hackers matching Bluetooth data to specific phones. This could reveal personal information contained on the device.
  • Personal data: All apps tend to store significant amounts of information like contact logs, encryption keys, and personally-identifying data. If the apps are not properly “sandboxed” (stored and run in a secure area of the operating system), the data could be potentially accessed and extracted. Once again, this would be a developer issue.
  • GPS: Contact tracing apps are supposed to rely on Bluetooth for data exchange, but it’s entirely possible for a developer to enable GPS to help pinpoint superspreader events. On the flip-side, this could accidentally backfire and reveal where users have traveled to, or worse, where they live.
  • Identity theft: Should personal data be uploaded into the contact tracing app (like COVID-19 status, emergency contacts, address, phone number, or first and last name), hackers hijacking data packets midway could easily obtain this data and exploit it.

If it were up to Apple and Google to develop the apps themselves, widespread adoption might be less of an issue. Unfortunately, apps are developed in part by local health officials, and we’ve seen what happens when local government fails at managing tech. Tap or click here to see why so many unemployment applications fell through the cracks.

On that note, if you happen to get sick and want to do your part in fighting the spread of infection, Apple’s very own COVID-19 symptom-checking app feeds data back to the CDC, which helps the organization get a clearer picture of symptoms, spread and more. Tap or click here to find out more about Apple’s offering.

The information contained in this article is for educational and informational purposes only and is not intended as health or medical advice. Always consult a physician or other qualified health provider regarding any questions you may have regarding a medical condition, advice, or health objectives.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now