Contact Tracing Apps & Your Privacy (3 Tips)

Contact Tracing Apps

With nearly six million confirmed cases, COVID-19 isn’t going anywhere, anytime soon. People are trying to flatten the curve by using surgical masks, practicing social distancing, and self-isolating when necessary. However, most governments don’t think that’s enough. So they came up with a new idea – COVID-19 tracking apps. Contact Tracing Apps-

In a nutshell, they’re applications you install on your phone that are supposed to alert you whenever you come into contact with someone who has COVID-19. People need to keep the app running in the background when they go outside. Also, they have to voluntarily report their symptoms or diagnosis in the app.

To keep track of people and send notifications, these apps use one of the two:

  1. Bluetooth – The app collects Bluetooth IDs from nearby Bluetooth-enabled devices. If one user reports COVID-19 symptoms, the app sends notifications to the devices it communicated with.
  2. Location services – The app uses GPS, WiFi, and cellular signals to record places users visit (like coffee shops or malls). If a user that tested positive for COVID-19 goes to one of those places, the app will send alerts to anyone else who was there.

Overall, they sound like a pretty decent way to fight back against the virus.

Unfortunately, there’s a problem – COVID-19 tracking apps aren’t too good for your privacy.

Can Contact Tracing Apps Really Put Your Privacy at Risk?

Sadly, they can. Here’s how:

Some of Them Collect Too Much Data

They need it to be effective, right?

Not really. All a contact tracing app needs is for you to be honest about the state of your health. That, and access to Bluetooth or location services.

It doesn’t need things like your full name, your phone number, and access to your contacts – like Utah’s Healthy Together App does.  That’s just too invasive in our opinion.

Some Contact Tracing Apps Share Your Data

Granted, someone will eventually have access to it – usually someone from a medical organization or a branch of the government.

That makes sense, though. What doesn’t make sense is third parties having access to your data. 

For example, the COVI-ID app from South Africa doesn’t just share your data with medical officials. It also shares it with advertisers and other private companies.

What does that mean for you?

That you’ll likely start seeing more ads for overpriced surgical masks if you let the app know you have COVID-19 symptoms.

Cybercriminals Can Abuse Contact Tracing Apps

Nothing in this world is safe from hackers – not even these apps. Unfortunately, they can abuse them to send fake alerts or phishing messages. If anyone follows the links, hackers might steal their personal data, and involve them in identity theft.

Alternatively, they could set up their own fake contact tracing apps, which they could use to install malware on your device.

Neither Bluetooth nor Location Services Are Great for Privacy

It’s pretty obvious why location services aren’t ideal – they track your geo-location too well, to the point where it becomes creepy.

But what about Bluetooth?

Well, it also has some problems:

  • Bluetooth BD and EDR connections previously had a problem that would have made it possible for hackers to downgrade Bluetooth encryption to crack it.
  • Bluetooth Classic was previously vulnerable to impersonation attacks which would have allowed hackers to access your phone.

Even Google and Apple’s new API is vulnerable to a very serious attack that would allow someone to correlate people infected with COVID-19 with photos of them with the use of a stationary camera connected to a Bluetooth device.

 Bluetooth nor Location Services Are Great for Privacy

So What Are Your Options?

Should you use COVID-19 tracking apps despite the risk? Should you avoid them until something better comes along?

Well, here’s what you should consider:

1.  Ask Yourself First – How Much Do You Trust These Apps?

It’s all up to how you feel. Wanting to fight the virus and stop it is the right mindset, but that doesn’t mean you need to compromise on your privacy standards.

So it all depends on how much you trust the apps that are available in your region. Would you feel okay putting your privacy in their hands? Or would you constantly worry hackers or advertisers could abuse them any day?

If your gut instinct is telling you “no,” maybe hold off on downloading and installing a contact tracing app until you find one you actually feel safe with.

2. Look the App Up, Don’t Just Download & Install It

If you’re okay with using contact tracing apps, do some research before you do anything else. Find out who the people behind it are, and what its Privacy Policy and ToS page say about the app’s privacy framework (does it even have one?) and who they share data with.

Ideally, any data that is collected should be stored on your device, not centralized servers. Also, despite its problems, Bluetooth is still better than location services for privacy.

Oh, and make sure to check reviews to see if people reported any privacy concerns. In fact, go ahead and check this interactive map of COVID-19 tracking apps. It’s from ProPrivacy, and it ranks 54 apps from around the world in terms of how well they handle privacy. Use it to see how the apps in your area score.

3. Consider a More “Manual” Approach

If you just can’t bring yourself to trust contact tracing apps, try a more old-fashioned approach. Just use pen and paper to keep track of where you go and who you interact with. 

Maybe get the contact details from people you interact with regularly. That way, you can notify them if you’re diagnosed with COVID-19, and they can do the same.

How Do You Feel about Contact Tracing Apps?

Do you think they’re a great way to combat the pandemic, or are they doing more harm than good? Do you think they can actually work, or is their design flawed because they rely on voluntary truthful submissions?

Please let us know what you think in the comments or on social media.

Leave a Reply

Your email address will not be published. Required fields are marked *