Several widely used COVID-19 mobile apps pose privacy risks to users, a new independent investigation has found.
According to the probe conducted by the International Digital Accountability Council’s (IDAC) over the last two months, there were some instances in which apps didn't follow best practices regarding privacy or did not sufficiently protect users from potential risks.
“If responsible steps to rein in the pandemic and reopen our devastated economy require changes in how much information people share about their health and movements, the public should be able to trust that their data will be used responsibly,” said Quentin Palfrey, president of IDAC, in a statement.
The IDAC reviewed 108 global COVID-19 mobile apps across 41 countries to understand whether consumers' personal data was being used responsibly.
In order to conduct the review, they analyzed how apps collect personal data, what data the apps collect and what third parties receive data from these apps.
“Smartphone apps offer promising tools for collecting data about users’ contacts and sharing that information with public health authorities. Our analysis shows that many of these tools employ good privacy and security measures, but that some apps did not follow best practices relating to transparency, security, and data-sharing with third parties,” Palfrey said.
These are a few of their key findings:
Out of 23 contact-tracing apps, fewer than 20 percent specifically mention or inform users if their personal data is anonymized.
Abougt half of the contact tracing apps requested potentially "intrusive" permissions.
The majority of symptom-checker apps analyzed were not transparent about third-party sharing practices.
Six apps, including the Centers for Disease Control and Prevention’s app developed by the U.S. government, were observed sending insecure transmissions, leaving users open to an array of malicious cyber attacks.