A number of state officials from North Dakota, South Carolina and Alabama publicly praised an unprecedented collaboration between Google and Apple that will help them produce a contact-tracing app automatically notifying people whether they have spent time near someone who tested positive for COVID-19.
These US states and some countries have already signalled that they will be willing to use the app, while France, Norway and India have remained sceptical regarding the initiative, giving preference to a more centralised approach, that allows the storing up and uploading of data via Bluetooth to a remote server, thus allegedly making it easier for health authorities to contain the virus.
So far, the UK’s NHS has been developing a contact tracing app built exactly using this approach, despite breach of privacy concerns and the possibility that this data will b overshared with the government. According to some reports, Britain is now also eyeing the integration of an Apple-Google API model to their app, but some fear that even a decentralised approach propelled by these two giants may not be as safe as initially suggested.
“It is possible this technology may be abused to collect more information other than data related to the virus,” says Fow Chee Kang, associate director and cyber security managing consultant at LGMS. “Although the statement released by the tech giants highlights the features of protecting user privacy and security, nevertheless, there are still possibilities of using such technology in conjunction with existing data that is already in the mobile device to profile the user.”
The companies have indeed stated that the version of their COVID-tracing app would protect its users with the help of encryption, and lack a centralised database, with the process being carried out only through the phones themselves, which would prevent the unnecessary storage of private information. However, following several scandals involving Google over potential breaches of privacy, the company has openly stated its cooperation with the White House “may negatively impact the trust of users” toward Apple as well, says Kang.
“It is certain that there will be data being shared to the government about its user, hence, it may affect the trust of Apple customers in this sense,” the expert notes.
According to Matthew Hickey, cyber security expert and co-founder of Hacker House, contact tracing applications as such “have been disputed by many as an unnecessary invasion of privacy,” as he argues that even the creators of NHS’s app “have expressly stated that they wish to retain the collected data after the pandemic ends for future study”.
“This opens up the prospect that this data could also be abused in the future and will make it easier for similar track and trace programs to be implemented by governments around the world,” Hickey argues. “It is my opinion that we should not sacrifice our personal privacy and liberty for a small amount of security from a Virus threat.”
There still might be an option for those users who are “concerned about the privacy and security of any information collected from smartphone tracing apps”, says associate professor at the School of Engineering at RMIT Mark A Gregory, which is “to factory reset their phones after the pandemic.” He does not specify, however, how to go about information that has already been collected by Google and Apple about its users.