A comparison of government-backed contact tracing apps based on five technology principles
According to a database maintained by MIT Technology Review, Aarogya Setu, India’s contact-tracing app to combat COVID-19, poses significant risks to the privacy of the user compared to similar apps in other countries.
Though there is little clarity on the design and security of the app, it has been made mandatory in some places. The apps in China and Turkey pose greater risks for user privacy than Aarogya Setu.
The following table lists government-backed apps of 19 countries based on five technology principles and whether the app adheres to them. ‘Y’ indicates compliance while ‘N’ indicates non-compliance. ‘NA’ indicates that there were no data available.
Voluntary: Whether the use is by choice or mandatory.
Limited: Are there limitations on how the data get used?
Data destruction: Whether the data are deleted automatically after a certain amount of time.
Minimised: Whether only necessary information is collected.
Transparent: Whether the app is built on clear and publicly available policies and its design has an open source code.
Viewing in app? Click to view the table.
A comparison of government-backed contact tracing apps
Table appears incomplete? Click to remove AMP mode.
Observations from the table
India is among the three countries to make the app mandatory.
India is among the four countries to not have limitations on the use of data.
Aarogya Setu’s code is not open sourced thus hampering transparency.
Concerns surrounding the code have been highlighted in the public domain recently.
Note: *The Ministry of Home Affairs said on May 17 that all employers “should on best effort basis” ensure that the contact-tracing app is downloaded by all employees who have “compatible mobile phones”.