COVID-19 Tracing Apps – New Evaluation Tool

This post is also available in: עברית (Hebrew)

As the COVID-19 pandemic started, private industries and tech sectors around the world developed smartphone-based solutions to automate the manual contact tracing process. While smartphone-based contact tracing tools can help track the interactions of people who were exposed to the novel coronavirus, if they aren’t secure, their usage could result in the exposure of individuals’ sensitive, personal health information.

Now, the US Homeland Security Department (DHS) wants to ensure that privacy and civil liberties are protected when using them, gauging the security and privacy risks posed by digital COVID-19 contact tracing apps. 

The Department has selected six startups to create and refine such technology. The companies will receive an initial award for a pandemic-specific solicitation launched last year through DHS’ Silicon Valley Innovation Program. The first one, AppCensus, was granted $198,600 to steer the solution’s development. 

The startup already runs a platform for the testing of mobile applications’ security and privacy at-scale. Through this work, that tool will be adapted to “develop an on-demand, automated mobile-app testing system” to enable such assessments of “publicly available android and iOS digital contract tracing apps,” according to the agency’s announcement.

AppCensus is set to share a public microsite detailing the results of app analyses it conducts. Those will include sensitivity categorizations for data the apps collect, disclosures from the developers about how the information is used, data collection practices of embedded/connected third-parties detected within the apps, and other relevant information.

“It is important to safeguard privacy, security, equity and liberty with digital contact tracing and exposure notification applications,” Anil John, DHS’ SVIP technical director said in a statement. “Once adapted and enhanced, the AppCensus platform will provide reports based on consistent tests using openly developed criteria of publicly available digital contract tracing applications to make it easy for people to understand potential privacy and security risks.”