COVID-19 contact tracing applications are privacy snares, Defcon

Ali Qamar  - Cybersecurity Analyst
Last updated: October 15, 2023
COVID contact tracing apps Defcon

Two Defcon security conference presentations find the apps launched by the governments consume an unjustifiable amount of data.

This spring, several public health authorities and tech giants across the world rushed in to build contact tracing apps. These applications serve an important role in determining whom the novel coronavirus may have affected.

The purpose of COVID contact tracing apps is awesome, they can help test people and isolate them accordingly. But the dangers are obvious, too.

COVID contact tracing apps boast the power of gathering personal data that exposes your activities, movements, and relationships.

This week, an annual gathering dubbed of hackers dubbed “Defcon” is taking place online. The potential risk of coronavirus contact tracing applications came into focus at it.

The data-hungry mindset of contact tracing apps

Two presentations at the annual security conference centered on the privacy shortcomings of contact tracking apps. Their result is clear, and as expected. The applications tend to collect more information than they need.

Experts believe governments must avoid this data-hungry mindset in contact tracing apps.

A Norway-based security researcher, Eivind Arvesen, who presented at Defcon yesterday, suggested governments a better approach for these apps. He urged governments to ask themselves,

“How little data they need to resolve this concrete issue? And collect no more than that.”

Arvesen presented on Norway’s contact tracing app, which now is deceased. The senior software developer and architect, based in Oslo, Norway, helped review the now-defunct Norweigan app as part of a third-party audit.

Another presentation tomorrow, on Saturday, August 09, will focus on the permissions COVID-19 symptom information and tracking apps demand. It will also shed light on the permissions contact tracing apps ask.

Yes, digital surveillance and tracking have helped contain the coronavirus outbreak in Singapore, South Koreas, and China, among others. But it does not mean the apps should be allowed to harvest more data than they need to solve the problem.

How apps like COIVD contact trackers work

The way human contact tracers work is by hunting down known contacts of the person who has tested positive for a deadly disease like COVID-19. These applications then seek to come to the rescue where an infected person has exposed a stranger to the disease.

For example, if two strangers stand or sit together, the apps installed on mobile phones of both will record the other person as a contact. And then in the days to follow, in case either of them tests positive, they report instantly.

The success of these apps depends on how much percentage of the population uses them. The higher number of population installs them, the more effectively they will work.

Suggested exit plan for contact tracing apps

Privacy experts begin warning about the risks soon after government health agencies turned to applications for augmentation of the contact tracing process.

Governments need to be transparent on the data they collect from phone devices and avoid collecting any data this is not needed. They also should have a plan to delete the data and end further collection when the COVID disaster passes.

Apps capturing location data

According to Arvesen, the Norwaign contact tracing app is the worse on privacy compared to the rest of Europe. But more data-hungry applications are out there in the world.

The creators, who will present their findings on Saturday, scanned 136 apps using their automatic system worldwide. They found that most such apps ask for the permissions they do not need to function as assumed.

As per the co-creator, Megan DeBlois, three-quarters of all the apps scanned demanded location data. Some of the applications are only informational as they merely help people keep track of their corona symptoms. Such apps have no reason to collect users’ location data.

As any privacy advocate or security expert in the world would say, DeBlois stated she would like to see contact tracing apps to be more transparent about the data they use.

Ideally, governments should make their respective apps open source. It will enable privacy researchers to examine codes and flag any issues for the public.

One probable reason why governments have not done it is the pace with which they have had to build the apps. The haste could have made governments keep security reviews aside that would usually be conducted before programs get disposed to users.

Featured image courtesy of Pixabay.

Share this article

About the Author

Ali Qamar

Ali Qamar

Cybersecurity Analyst

A strong passion drives Ali Qamar. He wants to empower internet users with privacy knowledge. He founded PrivacySavvy, an authority dedicated to fostering a security-conscious online community. Ali believes in individual liberty. He has been a vocal advocate for digital privacy rights long before Edward Snowden's mass surveillance revelation shook the world. Ali recently co-authored a book called "The VPN Imperative." It is available on Amazon. The book is a testament to his relentless quest to raise awareness about the importance of online privacy and security. Ali has a computing degree from Pakistan's top IT institution. He understands the details of encryption, VPNs, and privacy well. Many see Ali as an authority in his field. The local press often seeks his insights. His work has appeared in many famous publications. These include SecurityAffairs, Ehacking, HackRead, Lifewire,, Intego, and Infosec Magazine. He is inclined to transformative ideas. This is clear in his work. It aims to reshape how people approach and prioritize their online privacy. Through PrivacySavvy and his writing, Ali Qamar champions digital freedom. He gives internet users the knowledge and tools they need. They use these to reclaim control over their data. They can then navigate the online world with confidence and security.

More from Ali Qamar


No comments.