Most mobile applications that track the spread of COVID-19 require access to users’ personal data, but only a handful indicate the data would be anonymous, encrypted and secured, according to a study by Indian-origin researchers in the US.
Professor Masooda Bashir and doctoral student Tanusree Sharma from the University of Illinois at Urbana-Champaign analysed 50 COVID-19-related apps available in the Google Play store for their access to users’ personal data and their privacy protections.
The researchers noted that it is disconcerting that these apps are continuously collecting and processing highly sensitive and personally identifiable information, about health, location and direct identifiers like name, age, email address and voter or national identification of a user.
“Governments’ use of such tracking technology — and the possibilities for how they might use it after the pandemic — is chilling to many,” the researchers wrote in the study published in the journal Nature Medicine.
The researchers explained that functionalities of the COVID-related apps developed around the world include live maps and updates of confirmed cases, real-time location-based alerts, systems for monitoring home isolation and quarantine, direct reporting to the government of symptoms, and education about COVID-19.
Some also offer monitoring of vital signs, virtual medical consultations and community-driven contact tracing, the said.
Of the 50 apps the researchers evaluated, 30 require users’ permission to access data from their mobile devices such as contacts, photos, media, files, location data, the camera. These 30 apps also require the device’s ID, call information, Wi-Fi connection, microphone, network access, the Google service configuration, and the ability to change network connectivity and audio settings, according to the study.
The researchers acknowledged that mass surveillance measures may be necessary to contain the spread of the virus.