3 Key Security Challenges with Contact Tracing Apps

12
Contact Tracing Apps, NHSX, UK, IT Security, Apple, Google CEO, CTO, CISO, IT, Contact Tracing Apps, NHSX, UK, IT Security, Apple, Google
3 Key Security Challenges with Contact Tracing Apps

As the world rides an uncertain wave of coronavirus pandemic to find ideal contact tracing apps, privacy, and security concerns continue to rise

Governments and private enterprises around the world are gunning for an ideal contact tracing app to control the spread of coronavirus. Contact tracing apps, in theory, could be a nail in the coffin for the plague that has ravaged the global economy. On one hand, these present a cheap, mass-produced, and safe solution to control the pandemic. However, experts warn that these apps in their current stage are not up to the mark.

Remote Work: Maximize Productivity amidst Covid-19 and Security Challenges

For example, Matthew Gould, Head of NHSX informed the UK parliament that citizens would not be able to delete data collected by the app. Allan Woodward, professor of cybersecurity at the University of Surrey told CSO magazine, “That’s where I start to get really concerned. That is the mission creep of the worst kind.”

Moreover, privacy concerns aren’t the only ones plaguing the development of contact tracing apps. These apps have arisen out of two key approaches, a centralized one, and a decentralized one. Decentralized apps, which promise a low level of government’s strategic intervention, are being built in partnerships by companies like Google and Apple. On the other hand, countries like the UK have favored a centralized approach, which gets more scrutiny as these are more prone to security, and privacy breaches. The following are 4 key issues with the contact tracing apps.

Protocols

According to researchers at FireEye, currently, there are eight different protocols used in building tracing apps. These protocols vary significantly between countries and adhere to different strategic goals. This makes it difficult to operate them across national borders and presents complex security challenges.

Performance

Due to the centralized approach from some countries, the contact tracing apps have fared extremely poorly in some countries. For example, in Australia, the contact tracing apps do not work well on the iPhones. This raises significant questions about the know-how of makers, who launched this app. Today, the iPhone app ecosystem is one of the biggest in the world, and launching a critical app without the required sophistication raises further questions about security related to contact tracing apps. According to CSO reports, some insiders have reported that the code database in the UK app was a mess.

Long-term Impact

Increasingly, questions are being raised whether these apps will be used for long-term surveillance on citizens. According to the Future of Privacy Forum’s Polly Sanderson, this concern will likely become graver in states where adherence to fundamental human rights aren’t adequately protected. Concerns like these have cropped in India, wherein the government representatives told people, “it was not mandatory to download it”.

Is COVID-19 Lockdown Keeping the Fraudsters Also Home?

The future of these apps and government direction remains uncertain. As more governments rush to introduce contact tracing apps, the air surrounding their launch delves into a fog of unclear mist, surrounding potential data use. Moreover, it is questionable whether these apps can ever attain their true potential. A late launch in most countries and a large aging population in several developing countries will likely limit their penetration on a large scale. On the other hand, these apps require around 60% penetration to reach their promising potential.

However, if enterprises find a way around the privacy, and security concerns, they will likely find promising opportunities in these uncertain times.