The pandemic of novel coronavirus that started in the month of December 2019 in Wuhan city in China, caused a grave health emergency around the world. In the absence of any vaccine or drug effective to treat the virus the governments began to search for alternatives to control and mitigate the burden of pandemic. Lockdowns, travel bans, isolations and quarantine and social distancing are the measures that are currently being implemented by governments to contain the spread. Pertaining to its high rate of transmission, the WHO also emphasized on the need to intensify active surveillance to identify, isolate and quarantine infected individuals [1]. The infected show flu-like symptoms that can further lead to severe respiratory conditions, but there also lies a fragment of population that might be active carriers and yet remain asymptomatic.
The main concern for the health officials is to locate such asymptomatic individuals to contain the spread of the virus among the population. This led to the vigorous activity of tracing and tracking of infected individuals and all those who came in contact with them. Initially health officials were doing it manually by interviewing the individuals. The key focus was to isolate the affected and track the number of people the infected person must have come in contact with in the past 14 -21 days. The goal was to limit the virus and flatten the transmission curve. But the manual method was proving to be ineffective to stop the spread of the virus, due to less workforce of health authorities required to collect, process and analyse the data and also errors due to difficulty in recalling each and every person the infected individual must have met [2].
To bridge this gap nations across the globe focussed their attention on the use of technology driven solutions to automate the tracing process to get efficient results in less time. The universal prevalence of mobile phones emerged as a reliable solution for contact tracing due to its location tracking G.P.S systems paired with Bluetooth technology that enhanced the data collection storage and sharing ease, which can be later used in the future crisis of a user being identified as infected with the coronavirus.
The apps were adopted by many countries. Whilst some nations like China, Qatar made it mandatory others like Singapore India Australia opted for a voluntary approach. In some countries the apps received overwhelming response right after their launch; for example, more than 4.5 million users downloaded the COVIDSAFE (AU) app within two weeks of its initial release in Australia also the Indian tracing app AAROGYA SETU crossing the 127.6 million downloading mark, with adoption rate of 12.5% [3].
But after a few weeks of launch, the cybersecurity experts criticised the apps due to the security concerns especially related to data collection and storage method, efficacy, privacy of the people [4,5]. Another concern is the extent to which the apps can be repurposed to track their users, and how the collected data may be used when the current pandemic ends. This eventually led to the decrease in the popularity of such apps among masses with each passing week.
The apps have a working system architecture of two types – centralised and decentralised
Working structure of apps [6]:
WHAT WENT WRONG: MAJOR CONCERNS RELATED TO APPS [2,7]
Data management and Privacy issues – From the privacy perspective three types of data are stored in these app servers: personal information of the individual, contact advertising messages and social proximity graphs. In centralised systems servers have access to all this data so if compromised they can be easily used for malicious acts, jeopardising the privacy of the user. As for the decentralised, this privacy can be compromised by downloading the seeds and calculating the chirps resulting in the unauthorised identification of infected individuals
Security – The data which is stored in the server can be easily accessed by the health agencies or the government. This data can be used to induce false negative or false positives in the system or may inject erroneous entries or cause denial of services. Such acts can be committed to gain either ideological or political benefits by the adversary.
Table showing few security attacks possible [2]:
| Country | Tracing app | System architecture | Relay/replay attacks | Wireless tracking | Location confirmation | User de-anonymizing/ linkage |
| Singapore | Trace together(truetrace) | centralized |  | | | |
| Australia | Covid Safe | centralized | | | | |
| France | Stop Covid | centralized | | |  | |
| India | Aarogya Setu | centralized | | | | Not known |
| Switzerland | Swiss Covid | decentralized | | | | |
| Israel | Hamagen | decentralized | | | | |
Technical hitch – Due to closely guarded Bluetooth settings by apple, the apps didn’t work as intended resulting in bugs, low performance or poor compatibility.
Users interest – For the app to be effective it has to be at least used by 60% of the population, this proportion is challenging to achieve due to the questions raised on efficiency of the Bluetooth in relation to the range and proximity which can result in false positive or negative cases and thus can lead to reduced number of users.
Battery Usage – Excessive battery consumption is a recurring problem for mobile apps, and these apps that run in the foreground consume more power than an app that runs in the background, making people wary of keeping these apps on at all times.
ROAD TO IMPROVEMENT: STRATEGIES FOR BETTER IMPLEMENTATION [2,8]
Data minimisation for purpose limitation and privacy – Minimum amount of data necessary to achieve said purpose should be collected and stored for a minimum amount of time, also the retention period and reason for the period should be told to the user. If a third party develops and maintains the app, procedures and processes (as well as compliant contracts) should be implemented to ensure those third parties are invested in ensuring data privacy risks are minimised.
Transparency – This issue should be addressed in relation to apps design choices, any risks their approach poses to individual rights, the benefits the app seeks to achieve, and the purposes of their app.
Fully decentralised architecture for infection tracing – Even though privacy serves as the major concern in mass adoption of the apps by the public, none of the app developers have developed a fully decentralised app architecture. They all use a central server to differing degrees, usually under the control of a governing authority.
Improvement in proximity accuracy – The Bluetooth range which detects the close contacts needs to be more accurate to eliminate the false positive or false negative cases.
Responsibility for compliance – The named data controller of the personal data collected by the app will be responsible for the majority compliance, but organisations must make clear to users the identities, roles and responsibilities of all parties processing personal data as part of the contact tracing.
Decommissioning – To ensure the app will dismantle after the crisis ends, steps should be present to erase and anonymise the data. This process should be independently verifiable and auditable.
THE CONTACT TRACING TECHNOLOGY IS HERE TO STAY:
Despite all the mentioned concerns the apps still have a chance to reinvent themselves by adopting the decentralised methods, and come up with better and improved measures solutions. A good example is Swisscovid, a swiss app launched on June 25th. The app reached 1.6 million downloads by July 4th 2020 and the daily active users of the app were about 960,000 by July 11th. The app reached the number one spot in the medicine category of Apple’s App Store with 3,865 user reviews and an average rating of 4.6 stars. Another ray of hope is Ireland’s COVID Tracker app which was downloaded 1.3 million times, or by about one-third of its population[9,10]. It’s the fastest-downloaded app per capita in Europe ever and is already detecting incidents of infection. Although initially a centralised app, they quickly judged the technical issues and relaunched it as a decentralised one and now the same design is being used to launch apps in Northern Ireland, Gibraltar, and Spain [9]. Even the NHS app of the United Kingdom is reinventing its structure from centralised to decentralised with the help of google and apple toolkits.
As the present covid19 pandemic eventually abates, these contact tracing apps will naturally be decommissioned. However, as history has taught us, pandemics have a knack of arriving unannounced and the challenge of developing new drugs and vaccines for each new pandemic will always remain a race against time. While case isolation and contact tracing have always been two of the main strategic pillars of any fight against an infectious disease epidemic or pandemic, in a globalised world with an increasingly data driven population, it is imperative to find new solutions which will augment these measures. Covid19 pandemic has been the first instance where contact tracing apps have been utilised at such large scale. Although many concerns about privacy, data theft etc. have led to their limited impact, however there’s no denying that their role and value in coming pandemics will only increase. As many countries and app developers have tweaked their apps to address as many of these shortcomings as possible, scope for further improvement remains.
REFERENCES
[1] A flood of coronavirus apps are tracking us. Now it’s time to keep track of them. MIT Technology Review. (2020). Retrieved 7 May 2020, from https://www.technologyreview.com/2020/05/07/1000961/launching-mittr-covid-tracing-tracker/.
[2] Ahmed, N., Michelin, R., Xue, W., Ruj, S., Malaney, R., & Kanhere, S. et al. (2020). A Survey of COVID-19 Contact Tracing Apps. Retrieved 27 July 2020, from https://arxiv.org/abs/2006.10306
[3] Chatterjee, A. (2020). Australia’s COVIDSafe has the highest adoption rate among official contact tracing apps. THE HINDU. Retrieved 20 July 2020, from https://www.thehindu.com/sci-tech/technology/australias-covidsafe-has-the-highest-adoption-rate-among-official-contact-tracing-apps/article32135390.ece.
[4] Jennings, R. (2020). What are the data privacy considerations of Contact Tracing Apps? – UK Human Rights Blog. UK Human Rights Blog. Retrieved 1 May 2020, from https://ukhumanrightsblog.com/2020/05/01/what-are-the-data-privacy-considerations-of-contact-tracing-apps/.
[5] Palmer, D. (2020). Security experts warn: Don’t let contact-tracing app lead to surveillance | ZDNet. ZDNet. Retrieved 7 May 2020, from https://www.zdnet.com/article/security-experts-warn-dont-let-contact-tracing-app-lead-to-surveillance/.
[6] Coronavirus contact-tracing: World split between two types of app. (2020). [Image]. Retrieved 7 May 2020, from https://www.bbc.com/news/technology-52355028.
[7] Covid-19 contact-tracing apps: the key data protection issues. ComputerWeekly.com. (2020). Retrieved 16 June 2020, from https://www.computerweekly.com/news/252484378/Covid-19-contact-tracing-apps-the-key-data-protection-issues.
[8] Roxana Ologeanu-Taddei, T., & Roxana Ologeanu-Taddei, T. (2020). Privacy vs effectiveness: The challenges of developing coronavirus contact-tracing apps. Scroll.in. Retrieved 12 August 2020, from https://scroll.in/article/969947/privacy-vs-effectiveness-the-challenges-of-developing-coronavirus-contact-tracing-apps
[9] Contact Tracing Apps Resurgent After Early Success for Google and Apple’s Design – DATAVERSITY. DATAVERSITY. (2020). Retrieved 26 August 2020, from https://www.dataversity.net/contact-tracing-apps-resurgent-after-early-success-for-google-and-apples-design/.%5B10%5D Carroll, R. (2020). Cheap, popular and it works: Ireland’s contact-tracing app success. the Guardian. Retrieved 20 July 2020, from https://www.theguardian.com/world/2020/jul/20/cheap-popular-and-it-works-irelands-contact-tracing-app-success.
