How Secure Is The Medical History Data Of The User In The Contact Tracing App?

Digital contact tracing software has been an integral part of the worldwide response to the coronavirus pandemic. More and more countries are now preparing to launch applications for identifying and isolating people who have gotten exposed to the virus.

Nations like Singapore and South Korea have been the working examples of how digital contact tracing can curb the rise in COVID-19 cases. And other countries have started taking a note of this and have started increasing the adoption rate of the applications, especially when the general public is going out amidst the rules and guidelines of social distancing.

But how successful are these digital contact tracing applications in securing their users’ data? And does the information that millions of people around the globe are feeding in the app, safe? Let’s find out in this article today.

How Does Digital Contact Tracing Works?

On a high level, the contact tracing applications work with some similar approaches – The application broadcasts a unique identifier through Bluetooth which the nearby smartphones can then detect.

Next, when two application users come in contact with each other, the application estimates the distance between them through the Bluetooth signal. If the distance is less than six feet, the app exchanges the identifiers – meaning it logs an encounter with the other identifier.

When the app users learn that they have been infected with COVID-19, the other app users get notified of the infection risk – this is what makes the application type substantially different from other apps.

Another model for contact tracing can be to rely on a database which does not store much information about app’s users. Example: It’s not important for the authority to store users’ contact information. The infected users can simply upload the contact logs in a central database that saves anonymous identifiers for people who have been exposed.

The users who have not been affected can then continuously ping authorities with own identifiers. The authority then answers to every ping with the information of whether or not the user has gotten exposed.

What is the Security Angle in the Digital Contact Tracing App World?

All the medical app development companies which are following the latest healthcare app trends and are entering the conscious race of deploying enough contact tracing applications in the world, know one thing. And that one thing is the fact that they would have to keep a strict security first approach.

With a Bluetooth centric mobile app, it becomes possible to offer a secure monitoring and tracing environment to the users. While there is always the possibility of information slip-ups, the good news is that seeing the situation that the world presently in, the agencies and the governments alike are putting their best minds behind making the application secure and hack-proof.

Nations are also now coming up with regulations and policies that are designed towards better securing the users’ data.

There are a few safeguards that the contact tracing app developers must keep in mind when building a new application. Here are a few of them:

What are the Key Considerations for the Development of Contact Tracing Applications?

1. User Consent

It is very important for the developers to ask for users’ consent before they start tracking them. The users must be given the option to turn off proximity feature and they should be given the option for selective proximity tracking. For example, they should be given the option to close the feature when they are going to a hospital or a political organization.

2. Minimum Tracking

The applications must only collect the least possible information. While it is okay to make a record of users being near each other, which can be measured via the Bluetooth signal along with device type and the rotating maker. But it can be privacy invasive if the application collects and stores the users’ location information.

Also, ideally the information collected must only be retained for days or weeks but definitely not for months on end. As anyhow, it would lose its relevance by the time you hit a month’s time.

3. Complete Transparency

The agencies which are developing the application should publish information around what their app does, how they track users’ data and then what they do with that information. They should also publish their open source code along with the policies which address information and privacy security issues.

4. Design for Expiry

When the pandemic outbreak ends, the applications developed to trace the users must too. But till the time being, the users must be given a time out option. It means, they should be given the freedom to stop sharing the information with the app admins or even the government – as per their will.

Conclusion

In the end, what the world needs is an application that would help us fight this virus sooner and bring an end to the state of lockdown and restrictions of social distancing. The solution, in turn, should be empowering and make people feel in control, instead of forcing them to give up their information or make them feel like they are being watched at all times.

While, there are questions around the privacy measures of a digital contact tracing application, but with the safeguards we mentioned and better use of technologies like Blockchain, Artificial Intelligence, etc. we would be able to deliver a safe environment for the already paranoid users.