COVID-19, mobile apps that preserve privacy. And the winner is ….


The World struggles and needs to choose between data privacy and the interruption of new chains of SARS-CoV-2 (COVID-19, Coronavirus) transmission.

Here is a summary of the best mobile apps preserving the data privacy built by Governments.

COVID-19, the registry of mobile apps

While the World struggles with COVID-19, a debate around the loss of data privacy emerges on the Web [2] [3] [10] or in the podcasts [3]. At the time of writing (April 19, 2020), we count Total Confirmed cases: 2,281,714 and Total deaths: 159,511 (Source: European Center for Disease Prevention and Control ECDC [1]).

Here is an analysis of the mobile apps built by Governments [0]

  • We count 34 mobile apps from countries all over the World, from Argentina to Vietnam.
  • Some apps focus on cities or provinces (e.g., Madrid – Spain, Lombardia – Italy)
  • Google Play (store) (it is a guess) accepts to name an app “COVID” only if a public administration publishes it (try it from your location: https://play.google.com/store/search?q=covid)
    • The mobile app written by Iran is not available on the store and needs to be installed outside the app store
  • Apple Store (it is not a guess) accepts to name any app with “COVID” (try it from your location on the https://apps.apple.com)

The personal data collection

Most mobile apps indicate that their authors pay strict attention to the data privacy of the users or that the mobile app is not mandatory to use.

  • Some mobile apps require the mobile phone number of their smartphone’ owner to enable the Ministry of Health to contact them
  • Geolocations are kept in the mobile phone
    • Geolocations are shared only if the user accepts it
  • The authors (Ministry of Health) may ask the geolocation of the user if he/she is infected
  • The user is aware of its possible infection by another person if he/she has walked near an infected person in the last 14 days
  • Data about phones near the user does not reveal personal identities
  • Data about phones near the user are stored on user’ phone [and not centrally]
  • Other third-party services will not be able to track the user’ identity
  • Users are in control of their data and can revoke consent any time
  • User’ data will only be used for COVID-19 contact tracing
  • The author of the app collects anonymized data to improve the software

Governments build or rely on open-source apps

We count two open-source apps written by Iceland and Israël.

Iceland’s Directorate of Health [8] describes its software architecture based on the Google Cloud Platform, Twilio, CISCO F5 [5] and an open-sourced plugin’ tracker [6]

Israël’s Ministry of Health [7] describes, in cooperation with Profero (company conducting the security validations), the application’s flow (See below: “Applications’ flows”)  as well as the business requirements underlying the application [9]

Singapore uses an open-source privacy protocol called BlueTrace [13]. The authorities have published a white paper [14] describing in 9 pages the functioning of the app.

Universities and Health Institutes builds software too

King’s College London builds COVID Symptom Tracker to collect health data that are shared [15] with Hospitals, Universities, or the National Health Service (NHS) from the US and UK.

Pasteur Institute and Greater Paris University Hospitals released open-source [17] COVID-19 auto-diagnosis bot [16].

The best marketers

Putting my MBA’ hat, I would say that Indonesia, Koweit, South Korea and, Singapore have chosen the best names:  PeduliLindungi (Care Protect),  شلونك (How are you?),  자가격리자 안전보호 (Self-Isolator Safety Protection) and TraceTogether respectively.

Putting my IT’ hat, I would say that others win : Stop COVID, COVID-19, Kwarantanna domowa (Home quarantine), Alertswiss, Korona Önlem (Corona prevention), COVID Symptom Tracker, Coronavirus UY (Uruguay),  StopKorona.

The worst name could be COVI, by Qatar (except if the citizens do use this name to identify the virus)

Where is the European Union?

The European Union (EU) has built the Open Source Observatory and Repository [11] (OSOR) to support European Union Member States when they want to publish Open Source Software. Since then, Github and Bitbucket have surpassed the European Public and Private initiatives to distribute Open Source software.

The European Commission (EC) has published guidance in 9 pages [12] and set out features and requirements which apps should meet to ensure compliance with EU privacy and personal data protection legislation.

And the winner is (are)…

By far, the availability of the source code facilitates the work of software engineers and fasten the deployment of applications taking good care of the data privacy of individuals, Israël, Iceland and Pasteur Institute and Greater Paris University Hospitals paved the way to other public administrations.

A mobile app will never save the World from the virus, but it may reduce its spread in the long run (remember that we need to flatten the curve).

PS: Eight European countries work on a mobile application tracing and no tracking people to stop COVID. More to come.

Advice to the public administrations

More public administrations should share their source code to strengthen the security of their apps and increase the trust towards their public administrations when fighting the virus by using several methods (medical and IT solution).

Software engineers cost money, and reducing the budget to build and manage mobile apps is achieved by sharing its code and best practices. Operating the software should be the sole incompressible cost.

Most applications rely on Bluetooth, ask yourself how many people do enable the Bluetooth and trigger a notification once a day to remind them to enable it.

The links

[0] COVID-19 Tracker/Tracing apps : https://github.com/fs0c131y/covid19-tracker-apps

[1] Download today’s data on the geographic distribution of COVID-19 cases worldwide: https://www.ecdc.europa.eu/en/publications-data/download-todays-data-geographic-distribution-covid-19-cases-worldwide

[2] Covid-19 : la CNIL vigilante face aux applications de suivi géographique: https://www.cnil.fr/fr/covid-19-les-conseils-de-la-cnil-pour-utiliser-les-outils-de-visioconference

[3] [Marketplace Tech] A futurist on navigating change forced by the pandemic: fight the fear #marketplaceTech : https://podplayer.net/?id=100226918

[4] StopCovid, l’application française pour tracer les malades du Covid-19, prend du retard: https://www.futura-sciences.com/tech/actualites/smartphone-stopcovid-application-francaise-tracer-malades-covid-19-prend-retard-80247/

[5] Rakning C-19 System Architecture: https://docs.google.com/presentation/d/1SxGX7pXXMBcO2h7iYRRWI2Ru1oHRV19hZqU2RFYlXK4/edit#slide=id.g7f4bd7ddff_0_290

[6] React native background geolocation: https://github.com/mauron85/react-native-background-geolocation

[7] Hamagen, Israël Ministry of Health App for fighting the spread of Coronavirus https://govextra.gov.il/ministry-of-health/hamagen-app/download-en/

[8] The contract tracing app Rakning C-19 by the Icelandic Directorate of Health : https://bit.ly/34S8GiX

[9] “Hamagen” Application — Fighting the Corona Virus https://medium.com/proferosec-osm/hamagen-application-fighiting-the-corona-virus-4ecf55eb4f7c

[10] Coronavirus: les Français favorables à une application mobile pour combattre la pandémie, selon un sondage:  https://www.lemonde.fr/pixels/article/2020/04/01/coronavirus-les-francais-favorables-a-une-application-mobile-pour-combattre-la-pandemie-selon-un-sondage_6035233_4408996.html

[11] Open Source Observatory (OSOR) | Joinup:  https://joinup.ec.europa.eu/collection/open-source-observatory-osor

[12] Communication from the Commission Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection 2020/C 124 I/01: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1587141168991&uri=CELEX:52020XC0417(08)

[13] BlueTrace Protocol: Privacy-Preserving Cross-Border Contact Tracing: https://bluetrace.io

[14] BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders: https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

[15] Zoe Global Limited : COVID Privacy Notice: https://predict.study/covid-privacy-notice/

[16] Pasteur Institute and Greater Paris University Hospitals release open source COVID-19 auto-diagnosis bot: https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/covid-19-auto-diagnosis-bot

[17] Chatbot d’auto diagnostic basé sur l’algorithme élaboré en lien avec l’Institut Pasteur et l’Assistance publique des Hôpitaux de Paris: https://github.com/CSML-by-Clevy/covidbot-autodiagnostic

The applications’ flows

Israël

Hamagen, the application' flow

Hamagen, the application’ flow

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

<span>%d</span> bloggers like this: