• Corpus ID: 214640968

Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs

  title={Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs},
  author={Hyunghoon Cho and Daphne Ippolito and Yun William Yu},
Contact tracing is an essential tool for public health officials and local communities to fight the spread of novel diseases, such as for the COVID-19 pandemic. The Singaporean government just released a mobile phone app, TraceTogether, that is designed to assist health officials in tracking down exposures after an infected individual is identified. However, there are important privacy implications of the existence of such tracking apps. Here, we analyze some of those implications and discuss… 

Figures and Tables from this paper

A Study on Contact Tracing Apps for Covid-19: Privacy and Security Perspective
A comprehensive evaluation and specific suggestions will lead to creation and implementation of solutions towards Covid-19 and support governments and mobile development industries in creating safe and privacy conserving apps for contact tracing solutions.
A Study of the Privacy of COVID-19 Contact Tracing Apps
A systematic and cross-platform study of the privacy issues in official contact tracing apps worldwide shows that some apps expose identifiable information that can enable fingerprinting of apps and tracking of specific users that raise security and privacy concerns.
Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications
A venue-access-based contact tracing solution, VenueTrace, is proposed, which preserves user privacy while enabling proximity contact tracing and helps governments and application development industry build secure and privacy-preserving contract tracing applications.
An Empirical Assessment of Global COVID-19 Contact Tracing Applications
An automated security and privacy assessment tool is proposed - COVIDGUARDIAN - which combines identification and analysis of Personal Identification Information (PII), static program analysis and data flow analysis, to determineSecurity and privacy weaknesses.
Acceptability of App-Based Contact Tracing for COVID-19: Cross-Country Survey Study
Investigation of the user acceptability of a contact-tracing app in five countries hit by the COVID-19 pandemic found strong support for the app under both regimes, in all countries, across all subgroups of the population, and irrespective of regional-level CO VID-19 mortality rates.
COVID-19 Mobile Contact Tracing Apps (MCTA): A Digital Vaccine or a Privacy Demolition?
This panel aims to discuss the major challenges and open topics surrounding MCTA to answer a set of challenging questions that are currently open to public debate as well as the global benefits one can expect when fighting the COVID-19 spread.
Enabling User-centered Privacy Controls for Mobile Applications
This study examines users’ preferences for COVID-19 apps and integrates important factors of trust, willingness, and preferences in the context of app development, and suggest mechanisms for designing inclusive apps’ privacy and security measures that can be put into practice for healthcare-related apps, so that timely adoption is made possible.
Privacy during Pandemic: A Global View of Privacy Practices around COVID-19 Apps
This paper conducted a mixed-method study with a combined approach of app analysis and an online survey to understand the privacy vulnerabilities of such apps and get an overview of user perceptions around this issue, and presents two diverse sets of opinions from these two geographic regions.
Acceptability of app-based contact tracing for COVID-19: Cross-country survey evidence
Investigation of user acceptability of a contact-tracing app in five countries hit by the COVID-19 pandemic found strong support for the app under both regimes, in all countries, across all sub-groups of the population, and irrespective of regional-level CO VID-19 mortality rates.
Self-Sovereign Identity and User Control for Privacy-Preserving Contact Tracing
This research overcomes multiple challenges facing contact tracing apps by giving the user the right to choose how much information to share about their diagnosis and their identity, building a novel contact tracing app on top of Self-Sovereign Identity (SSI) to assure privacy preserving user authentication with verifiable credentials, and decentralizing the storage of COVID-19 test results.


Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic
The different technological approaches to mobile-phone based contact-tracing to date are outlined and advanced security enhancing approaches that can mitigate these risks are described and trade-offs one must make are described.
Response to COVID-19 in Taiwan: Big Data Analytics, New Technology, and Proactive Testing.
Taiwan is an example of how a society can respond quickly to a crisis and protect the interests of its citizens in the face of an emerging epidemic.
k-Anonymity: A Model for Protecting Privacy
  • L. Sweeney
  • Computer Science
    Int. J. Uncertain. Fuzziness Knowl. Based Syst.
  • 2002
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment and examines re-identification attacks that can be realized on releases that adhere to k- anonymity unless accompanying policies are respected.
The devil is in the metadata — New privacy challenges in Decentralised Online Social Networks
This work identifies the dangers arising or made more severe from decentralisation, and shows how inferences from metadata might invade users' privacy, and discusses general techniques to mitigate or solve the identified issues.
Deanonymizing mobility traces: using social network as a side-channel
The key idea of this approach is that a user may be identified by those she meets: a "contact graph" identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized Users.
Contact tracing and disease control
  • K. Eames, M. Keeling
  • Computer Science
    Proceedings of the Royal Society of London. Series B: Biological Sciences
  • 2003
A simple relationship is found between the efficiency of contact tracing necessary for eradication and the basic reproductive ratio of the disease, and this holds for a wide variety of realistic situations including heterogeneous networks containing core–groups or super–spreaders, and asymptomatic individuals.
The Algorithmic Foundations of Differential Privacy
The preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example.
Vuvuzela: scalable private messaging resistant to traffic analysis
Vuvuzela is a new scalable messaging system that offers strong privacy guarantees, hiding both message data and metadata, and is secure against adversaries that observe and tamper with all network traffic, and that control all nodes except for one server.
Untraceable electronic mail, return addresses, and digital pseudonyms
A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of
Is state power to protect health compatible with substantive due process rights?
The Court will uphold public health legislation if it protects an inchoate class of people who may not yet be identifiable, who will incur a specific disease or injury absent the law, but who will not experience this disease and injury if the law is enforced.