Strategic Communications and Marketing News Bureau

Do COVID-19 apps protect your privacy?

CHAMPAIGN, Ill. — Mobile apps are helping track the spread of COVID-19 to contain the outbreak, but the apps also raise concerns about personal privacy.

Information sciences professor Masooda Bashir and doctoral student Tanusree Sharma at the University of Illinois at Urbana-Champaign analyzed 50 COVID-19-related apps available in the Google Play store for their access to users’ personal data and their privacy protections. Bashir and Sharma found that most of the apps required access to users’ personal data, but only a handful indicated the data would be anonymous, encrypted and secured.

They report their findings in the journal Nature Medicine.

“What is disconcerting is that these apps are continuously collecting and processing highly sensitive and personally identifiable information, such as health information, location and direct identifiers (e.g., name, age, email address and voter/national identification),” they wrote in the journal article. “Governments’ use of such tracking technology – and the possibilities for how they might use it after the pandemic – is chilling to many. Notably, surveillance mapping through apps will allow governments to identify people’s travel paths and their entire social networks.”

Tanusree Sharma

Tanusree Sharma is a doctoral student at Illinois Informatics whose research focuses on information security and privacy.

The functionalities of the COVID-related apps developed around the world include live maps and updates of confirmed cases, real-time location-based alerts, systems for monitoring home isolation and quarantine, direct reporting to the government of symptoms and education about COVID-19. Some also offer monitoring of vital signs, virtual medical consultations and community-driven contact tracing.

Of the 50 apps the researchers evaluated, 30 require users’ permission to access data from their mobile devices such as contacts, photos, media, files, location data, the camera, the device’s ID, call information, Wi-Fi connection, microphone, network access, the Google service configuration and the ability to change network connectivity and audio settings. Some of the apps state they will collect users’ age, email address, phone number and postal code; the device’s location, unique identifiers, mobile IP address and operating system; and the types of browsers used on the device.

Only 16 of the apps indicated such data will be anonymous, encrypted, secured and reported only in aggregate form.

Of the apps sampled, 20 were issued by governments, health ministries and other such official sources. It is not clear if the data collected by the apps is protected by laws such as the Health Insurance Portability and Accountability Act, and the U.S. doesn’t have a structured privacy framework in place as Europe does, the researchers wrote.

They acknowledged that mass surveillance measures may be necessary to contain the spread of the virus.

“Health care providers must absolutely use whatever means are available to save lives and confine the spread of the virus,” they wrote. “But it is up to the rest, especially those in the field of information privacy and security, to ask the questions needed to protect the right to privacy.”

Bashir will participate in a webinar, “Ask the experts: COVID-19 exposure notification, privacy, and security,” with other Illinois security experts at 4 p.m. Tuesday, June 9. They will talk about data privacy and security concerns surrounding the technology pertinent to COVID-19 exposure notification and tracing.

Bashir is the director of Social Sciences in Engineering Research in the Grainger College of Engineering and is affiliated with Illinois Informatics and the Information Trust Institute of the Coordinated Science Laboratory. Sharma is affiliated with Illinois Informatics.

Editor’s notes: To contact Masooda Bashir, email mnb@illinois.edu. To contact Tanusree Sharma, email tsharma6@illinois.edu.

The paper “Use of apps in the COVID-19 response and the loss of privacy protection” is available online and from the U. of I. News Bureau.

DOI: https://doi.org/10.1038/s41591-020-0928-y

Read Next

Humanities Diptych image with book cover of "The New Internationals" and a headshot of English professor David Wright Faladé

English professor’s novel tells of love triangle in post-WWII Paris, based on his family history

CHAMPAIGN, Ill. — A new novel by University of Illinois Urbana-Champaign English professor David Wright Faladé tells the story of three people in a love triangle in post-World War II Paris. The characters in “The New Internationals” — a young French woman who has survived the Holocaust, a university student from West Africa and a […]

Life sciences Portrait of the research team posing together.

Minecraft players can now explore whole cells and their contents

CHAMPAIGN, Ill. — Scientists have translated nanoscale experimental and computational data into precise 3D representations of bacteria, yeast and human epithelial, breast and breast cancer cells in Minecraft, a video game that allows players to explore, build and manipulate structures in three dimensions. The innovation will allow researchers and students of all ages to navigate […]

Arts Photo of seven dancers onstage wearing blue tops and orange or yellow flowing skirts. The backdrop is a Persian design.

February Dance includes works experimenting with live music, technology and a ‘sneaker ballet’

CHAMPAIGN, Ill. — The dance department at the University of Illinois Urbana-Champaign will present February Dance 2025: Fast Forward this week at Krannert Center for the Performing Arts. February Dance will be one of the first performances in the newly renovated Colwell Playhouse Theatre since its reopening. The performances are Jan. 30-Feb. 1. Dance professor […]

Strategic Communications and Marketing News Bureau

507 E. Green St
MC-426
Champaign, IL 61820

Email: stratcom@illinois.edu

Phone (217) 333-5010