The number of active coronavirus cases is almost reaching six million, so the pandemic is far from over. Besides the usual precautions (surgical masks, gloves, cleaning your hands often, social distancing, etc.), you might have heard people talking about using contact tracing apps.
But what are they exactly, and are there any risks associated with using such an app? Let’s find out in this article.
First Things First – What Is a Contact Tracing App?
It’s an application that alerts you whenever you come into contact with someone who either presents COVID-19 symptoms or has been diagnosed with the virus. To do that, it uses either Bluetooth or location services.
You Should Use One, Right?
It’s a great tool. You can use it to do your part, keep yourself healthy, and also keep your loved ones safe.
Unfortunately, there’s a “but” here.
Contact tracing apps are useful, but they also raise privacy concerns. Will they track you 24/7? Who has access to your data? Can hackers abuse them?
So if you’re on the fence about contact tracing apps, or think they’re useful but are worried they might violate your privacy, here are some things you should consider before downloading one:
- What Information Does It Require?
- How Does It Handle Your Data?
- Does It Use Bluetooth or Location Services?
- Potential Bluetooth Vulnerabilities
- Hacker Concerns
1. What Information Does It Require?
None is the ideal answer if you value your privacy because a contact tracing app doesn’t need to know your phone number, full name, profession, age, and gender to function properly.
It just needs you to be honest about your health and have access to Bluetooth or location services.
2. How Does It Handle Your Data?
Is there a privacy framework in place to make sure the app can secure your data? Are you the only person who can access your data, or do third parties (like private companies and advertisers) get access too?
Is all the data stored on your device in a decentralized manner, or do centralized servers log it instead? Those are the kinds of questions you need to ask yourself if you want to be 100% sure the app takes your privacy seriously.
3. Does It Use Bluetooth or Location Services?
Bluetooth is by far more privacy-friendly than location services. Instead of tracking your actual location, it relies on collecting Bluetooth IDs from Bluetooth-enabled devices it interacts with. When someone reports COVID-19 symptoms or a diagnosis, the app sends alerts to all those devices.
Location services, on the other hand, rely on GPS data, WiFi, and cellular signals to track the places you visit. That is much more invasive than how Bluetooth works – especially if the app shares that data with advertisers – and it feels that way too.
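A simplified sketch of the decentralized Bluetooth approach described in sections 2 and 3, added here as an illustration and not taken from this article or from any real app: phones exchange short-lived random IDs, and matching happens on the device. The HMAC-SHA256 derivation, the 10-minute interval and the `Phone` class are assumptions made for the example, not the Google/Apple specification.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: a new Bluetooth ID every 10 minutes


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Derive the short-lived ID broadcast during one interval of the day."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    """Hypothetical handset; everything stored here stays on the device."""

    def __init__(self):
        self.daily_keys = {}  # day -> random secret, uploaded only after a diagnosis
        self.heard = set()    # (day, rolling ID) pairs received over Bluetooth

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, os.urandom(16))
        return rolling_id(key, interval)

    def hear(self, day: int, rid: bytes) -> None:
        self.heard.add((day, rid))

    def report_diagnosis(self) -> dict:
        # Only random daily keys leave the phone: no name, number or location.
        return dict(self.daily_keys)

    def exposed_days(self, published: dict) -> list:
        # Local matching: re-derive every ID the diagnosed user could have sent.
        hits = set()
        for day, key in published.items():
            for interval in range(INTERVALS_PER_DAY):
                if (day, rolling_id(key, interval)) in self.heard:
                    hits.add(day)
        return sorted(hits)


def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.hear(3, alice.broadcast(3, 40))     # Alice and Bob are close on day 3
    carol.hear(3, bob.broadcast(3, 41))     # Carol only ever meets Bob
    server_list = alice.report_diagnosis()  # Alice later reports a diagnosis
    return bob.exposed_days(server_list), carol.exposed_days(server_list)
```

In this model the server only ever holds the diagnosed user's random keys, which is the practical difference between a decentralized design and one where a central server logs who met whom.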
4. Potential Bluetooth Vulnerabilities
If the app uses Bluetooth, you need to know that it isn’t perfect either. It actually had (and continues to have) a lot of security issues. Here are just some examples:
- BR and EDR connections had a problem that would have allowed hackers to downgrade Bluetooth encryption (weaken it, basically). That would have made it easier for them to crack the encryption and monitor all the data shared over Bluetooth. If that happened while you were using a contact tracing app, hackers could see all the personal and medical data you share with it.
- Bluetooth experienced a vulnerability called BlueBorne. Apparently, hackers could have abused it to connect to devices over Bluetooth.
- Google and Apple’s new API that enables decentralized data sharing through Bluetooth also makes it possible for cybercriminals to use correlation attacks. Basically, with a camera and a rooted phone, they’d be able to associate COVID-19 diagnosis alerts with photos of strangers and identify who the infected person is.
- Bluetooth Classic has a serious vulnerability that allows hackers to perform impersonation attacks to take over someone’s device.
The good news is some of those issues were fixed. The bad news is you’re not safe if you’re using a cheaper off-brand device whose manufacturer didn’t patch them.
5. Hacker Concerns
Don’t think cybercriminals would bother with contact tracing apps?
Think again. There are already reports of them setting up fake apps and using them to inject malware into people’s smartphones.
Also, the FTC warned people that hackers might pretend to be contact tracers, and send fake messages with phishing links in them. Something like that also happened in the UK. If users followed the links, they would end up on fake sites designed to steal personal information from them.
So you shouldn’t rush to download the first contact tracing app you see. Check who the people behind it are, and make sure you get it from iTunes and Google Play only (the fake apps were spotted on shady third-party sites).
Quick Way to Check How Privacy-Friendly the Apps in Your Area Are
Instead of doing countless hours of research, try checking out this interactive map of coronavirus tracing apps around the world. It’s a list of 54 apps ranked in terms of privacy. It’s worth checking whether the apps in your area show up there. If they do, you’ll know exactly whether they’re safe to use.
Contact Tracing Apps – Yes or No?
It’s hard to say at this point. They’re definitely a step in the right direction, but – right now – you can’t be 100% sure that every app you see can secure your data. But how do you feel about them? Do you think there are any chances they could compromise your privacy, or is there nothing to worry about? Let us know in the comments.