Apps and Covid-19

Considering the billions of people who have smart phones generally use apps on these devices, it's possible to reach people and draw extensive data from their devices.

PI has been repeatedly exposing how smartphone apps can put users' privacy and security at risk. For instance we revealed how popular non-Facebook apps leak data to Facebook beyond the user's control or knowledge. We recently revealed similar levels of exploitation by menstruation apps.

The reality is that smartphones are highly complex interactions between hardware (chips and processors and storage and antennas), operating systems (generally Apple and Google), app stores (Apple and Google again), platforms (analytics companies and social media companies), and the apps themselves.

China was an early mover on apps: people were required to install the Alipay Health Code app, fill in personal details, and then were issued with a QR code with one of three colours denoting quarantining status. The app reportedly shared location data with the police. 

Using apps in the context of Covid-19 is useful to the general public to help people to report their symptoms and to learn about the virus and the health response. Apps are now being explored to trace contacts through interaction and proximity analysis. 

They are also being explored as quarantining enforcement tools, monitoring location and interactions. In this context, they are not necessarily voluntary tools.

The apps can help you report, generate data without your involvement, or lift data from your device. The apps can store the data locally or send the data to servers. And they can leak data to analytics firms and social media platforms.

So the Norwegian health app stores location data for 30 days on a centralised server. The Colombian app asks people to provide their data and answer questions about participation at protests and ethnicity. 

The apps are generally poorly spread. The Singapore app apparently has been downloaded only by 13% of the population. The UK is aiming for at least 50% of the population with their app.  This is because they are mostly voluntary at the moment.

Even when 'voluntary', compulsory data entry varies. In Argentina the app for self-diagnosis requires people to include their National ID, email and phone number. 

We are concerned that the voluntary nature of these apps will be rescinded for travellers and when borders are re-opened. Yet meanwhile, according to reports from  Thailand, SIM cards and apps were provided to every foreigner and travelling Thai, expecting this data to report on their locations; and Hong Kong is using bracelets with an app on people under compulsory quarantine and shares their location with government over messaging platforms.

It's in this context that apps like the one developed for Home Quarantining by the Polish government. It requires phone numbers, reference photos, and regular check-ins. South Korea's app uses GPS to track locations to ensure against quarantine breach, sending alerts if people leave designated areas.

Finally, there is the ever-present monitoring that goes on as part of commercial exploitation. Facebook, Google, and analytics companies have been accumulating location data for years, sometimes in great detail and sometimes in aggregate.

Some apps are exploring storing limited data. Argentina's CoTrack, MIT Media Lab, and Oxford University's apps appear to collect location and proximity data on the device and share only with consent and with no identifying data.

26 Mar 2020
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how
23 Mar 2020
Argentina's Public Prosecutor's Office will start installing an app on the smartphones of those who violate government-ordered quarantine in the cities of Santa Fé and Rosario. The app will be installed by the province's Criminal Investigation Agency to track those who are under criminal
23 Mar 2020
On March 23, Argentina's immigration agency, Dirección Nacional de Migraciones (DNM), announced that anyone arriving in the country would be required to install the free COVID-19 Ministry of Health app on their phone for 14 days to ensure they comply with quarantine rules in order to protect the
24 Mar 2020
Researchers at Germany's Robert Koch Institute and Fraunhofer Heinrich Hertz Institute are working on an app that uses Bluetooth connections between smartphones and is compliant with GDPR to anonymously save the distance and duration of contact between people on the smartphone to make it possible to
26 Mar 2020
Indonesian Ministry of Communication and Informatics/KOMINFO official website) On Thursday, 26 March 2020, the Indonesian Minister of Communication and Informatics, Johnny G. Plate, issued the Ministerial Decree No. 159/2000 to facilitate the cooperation between the Government and telecommunication
24 Mar 2020
The Israeli Ministry of Health's mobile app, "The Shield", is intended to alert users if they have been at a location in Israel at the same time as a known COVID-19 patient. The app, which is available for both Android and iOS, works by collecting the GPS and WiFi network (SSID) information of a
25 Mar 2020
A web form to screen COVID-19 cases developed by the Mexico City government collects a wide range of personal information such as name, age, telephone number, home address, social network username, and cellphone number. The privacy notice establishes that such data may be transferred to a vast array
24 Mar 2020
The success of South Korea's efforts to combat the coronavirus without a national lockdown and without suspending civil rights depended in part on preparation put in place after the 2015 MERS epidemic and in part on the country's network of private testing labs, which enabled the country to quickly
27 Mar 2020
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user
14 Mar 2020
On March 14, the Peruvian government set up a website for individuals to check their symptoms so they can be directed towards sources of help. The web form asks for ID number, phone, email and home address. Source: https://www.gob.pe/coronavirus Writer: Peruvian government Publication: Peruvian
21 Mar 2020
The self-testing web app issued by Argentina's Secretariat of Public Innovation asks for national ID number, email and phone as mandatory fields in order to submit the test. The Android version requires numerous permissions: calendar, contacts, geolocation data (both network-based and GPS)
17 Mar 2020
At the MIT Media lab, Ramesh Raskar is leading a team that includes software engineers at companies such as Facebook and Uber to develop the free and open source app Private Kit: Safe Paths. The app is intended to share encrypted information between phones in the network without going through a
22 Mar 2020
After Asian countries used mass surveillance of smartphones to trace contacts and halt the spread of the coronavirus, Western countries such as the UK and Germany are trying to find less-invasive ways to use phones to collect and share data about infections that would work within data privacy laws
19 Mar 2020
Facebook's scientists are analysing location data about compliance with social distancing recommendations in various countries using information from a private vault of location information its apps have collected. The analysis shows that only "very modest" changes in habits in the US, France, and
19 Mar 2020
Researchers at the University of Oxford are working with the UK government on an app similar to the smartphone tracking system China developed to alert people who have come in contact with someone infected with the coronavirus. The British app, which would be associated with the country's National
18 Mar 2020
Technology entrepreneurs within Belgium would like to introduce a health code app similar to China's Alipay Health Code that would control individuals' movements based on their health status. The government has engaged privacy experts from the Belgian data protection authority and Ghent University