As contact-tracing apps are promising to change the course of COVID 19 by tracking citizens 24/7 and alerting those we’ve been around if there is a potential exposure. However, as these apps begin to emerge, some vulnerabilities are becoming apparent. Among security and privacy violations, contact tracing app consistency is become the next big concern.
The North Dakota’s contact tracing app has already reported to have been sharing data with Foursquare and Google as well as a fatal flaw in Qatar’s contact tracing app that has exposed hundreds of thousands of people’s private data.
Security aside, contact tracing app consistency and incompatibility between states and countries will present a new set of problems. After, Google and Apple announced they’re building an API for contact tracing apps, states and countries have blindly moved toward adopting those as standards even without accounting for citizen privacy, behavior and willingness to adopt. However, even with a single API, each state or country develop their apps differently. For example Utah has launched its widely unsuccessful Healthy Together app, and opted to use location-based data as well as Bluetooth which is different from the other few apps that have already tried and failed to launch successfully. Internationally there’s bound even more fragmentation as we are seeing with France who has just launched its app, which does not follow the Google/Apple framework, and Switzerland is piloting the first contact tracing app developed on the backbone of Google and Apple’s API. Overall globally, only 22 other countries have requested access to the API which signals that app developers and countries are finally realizing the tracking approach isn’t going to work.
Additionally, COVID related cyberattacks have risen and Google recently reported more than 18 million daily malware and phishing emails related to COVID-19 scams within just one week in April, and phone and text scams have recently been reported. Despite the urgency felt to develop and release these contact-tracing apps quickly, they number of cyberattacks should give pause in rushing to the Apple-Google approach and possibly rethink if there is a better way to get citizens to participate in some contact tracing program without having to be tracked 24/7.
Global and Local Government coordination across the areas of compatibility and privacy could help some potential challenges, but only if we take a step back and rethink the contact tracing app from the ground up and include consumer behavior, app design and a program that doesn’t require 24/7 tracking. Until then, we are risking one continued contact tracing app failure after another.