COVID-19 apps: Beware, they violate privacy Antivirus applications violate privacy by recording more data than they need, putting users at risk.
In April, Norway released an app for smartphone, Smittestopp or “Stop it pandemic», Which records users who have been in close contact for more than 15 minutes and sends notifications if they have been exposed to the coronary artery.
"We can all help stop the spread of the virus and save lives," said Prime Minister Erna Solberg. "If a lot of people download the Smittestopp app, we can get our freedom back."
Within two weeks, nearly 900.000 people - or about one in five Norwegians over the age of 16 - had started using the app. However, by mid-June, the government had temporarily shut down the service after data protection regulators said Norway had so few coronavirus cases that the risks of intensive monitoring outweighed the still unproven public health benefits. This week, the country's data monitors formally imposed a temporary ban on the application.
Norway is one of the many countries that have created applications to detect and monitor coronavirus, resulting in serious complaints arising from extensive user data mining or poor security practices. Human rights groups and technologists have warned that designing such applications puts hundreds of millions of people at risk for surveillance, fraud or identity theft - and could undermine confidence in public health efforts. The problems arose as some countries prepared to develop even more intrusive technologies, such as the fact that hundreds of thousands of workers wore virus-monitoring bracelets around the clock.
In mid-June, following criticism from privacy advocates, Britain abandoned its virus detection application and announced a software change from Apple and Google which the companies themselves have promoted as more "privacy".
In May, after Amnesty International identified significant security vulnerabilities in a mandatory warning application for virus exposure in Qatar, the government released an update with new security features. In April, journalists The New York Times found that a government antivirus application in India, which had been downloaded more than 77 million times, could leak the exact locations of users. The Indian government immediately resolved the problem and soon began offering financial rewards to security researchers who find vulnerabilities in the application.
In fact, "the vast majority" of virus detection applications used by governments do not have adequate security and "are easily victims of hackers," according to a recent analysis. software by Guardsquare, a company security mobile applications.
"It's an instructive story for governments that amass such a huge amount of data," said Claudio Guarnieri, head of Amnesty International's security lab, which identified problems with Qatar's implementation.
Governments around the world have introduced several antivirus applications this year, he noted. "But, of course, doing so hastily and without proper assessments and proper planning and supervision," he said, could "jeopardize these efforts."
Epidemiologists have said that virus control applications could be useful additions to public health efforts, especially in countries such as South Korea, which has the national medical infrastructure to conduct mass tests and isolate people who have positive results.
However, digital rights groups say some governments use apps simply to prove to the public that they are taking specific action against the virus.
Governments in Asia and Europe have turned to mobile phones and applications during the pandemic for a variety of purposes, including analyzing smartphone location data by mobile providers. telephony to assess residents' compliance during quarantine. But surveillance applications used by some countries to alert people to possible exposure to the virus or to enforce government quarantine directives have come under the microscope. This is because some of the applications are constantly collecting details about users' health, exact locations and social interactions, increasing the risks of privacy and security exposure.
In May, Qatar began requiring all residents to use an anti-virus application or face fines of up to $ 55.000. The application assigns to each user a digital color code - green for people who are healthy without symptoms, red for confirmed cases Covid-19 - which dictates whether a person should stay at home or go out. It can also monitor users' sites in real time to see if those infected with the virus comply with government self-restraint orders.
After testing the app, however, Amnesty International identified security vulnerabilities that could give hackers access to names, health status and, in some cases, the quarantine locations of more than a million users who had downloaded it. Qatar quickly updated the app, boosting the user authentication system.
A recent Guardsquare analysis of government-funded virus-scanning applications in 17 countries found other security vulnerabilities - including minimal encryption and inadequate detection systems hacker. The report warned governments that prioritizing the speed of application development over user safety could erode public confidence and public health efforts.
"Unfortunately, app developers don't seem to be taking the risks quite seriously," the Guardsquare report said.
Critics have accused Norway of stopping the pandemic on a different issue: over-monitoring the government.
Like a virus detection application in India, the Norwegian application collects data location and sends them to a government database for analysis. Some other countries adopt a different approach, which processes users' personal data on their phones where government agencies cannot access them.
Gun Peggy Knudsen, deputy director general of the Norwegian Institute of Public Health, said the analysis of data from the virus detection application helped her body understand the effectiveness of public health measures.
However, technology experts have begun to warn that location and social proximity data from the application could possibly be used for more intrusive purposes, such as social network mapping. Critics have also argued that the public health service is taking advantage of users' personal information for its own purposes without their express consent.
In May, following government intervention for change, more than 300 technology, security and privacy experts issued a statement warning that the application could lead to "unprecedented surveillance" of society.
In June, the Protection Authority Data Norway has said it will temporarily ban the application, saying it has collected far more data than needed to make it work.
The public health organization has since deleted users' personal data and temporarily disabled the application. However, Ms Knudsen, a public health official, said the shutdown was short-sighted against the next wave of the virus.
In June, the Norwegian parliament asked the health authorities to develop separate user rights for the application: one consent for virus detection and another for data collection. When the country's data observer formally imposed a temporary ban on the application this week, he said health authorities had not proven its usefulness or allowed users to control how their data was used.
Singapore recently began testing more intrusive antivirus technology - asking a group of immigrants to wear bracelets with the ability to Bluetooth who can detect their locations and proximity to each other. "The original goal is to prevent workers infected with the virus and quarantined in dormitories from visiting their healthiest colleagues," said Ron Rock, chief executive of Microshare, a Philadelphia-based company that provides the technology. . "Concerns about secrecy in Singapore are not the same as in Europe and the United States," Rock said.