

Cal Poly professor says contact tracing apps can alert you to COVID-19 exposure but come with risk

Posted at 11:26 AM, Jun 24, 2020
and last updated 2020-06-24 14:26:56-04

Apps designed to track exposure to COVID-19 are being downloaded onto phones around the globe, but a Cal Poly cybersecurity expert warns of the potential risks involved.

The apps are controversial because they utilize the phone's location services to track your whereabouts and alert you when someone positive for COVID-19 has crossed your path.

Most American iPhone and Android users already have the option to enable contact tracing software.

Once an app is downloaded, it assigns the user an anonymous number. Using Bluetooth, interactions with other users are recorded.

If and when a user tests positive for the virus, the app alerts other users who pinged close to the infected individual.

"The platonic ideal of this app could be amazing, a real game-changer, in helping us understand how the disease spreads, whether I was infected or not," Cal Poly cybersecurity expert Zachary Peterson said.

But this benefit comes with a risk. Peterson said a hacker could use the Bluetooth signal to locate a person's home and work address, along with other personal information.

Peterson worries the apps could also be upended by trolls, who may manipulate the system to send false alerts.

"Then I think there are real questions around who can have access to this data," Peterson said. "Can it be subpoenaed by the court? Can the cops use it as a means of identifying whether two people were in the same place at the same time? There's not good legal precedent behind this."

Guard Square, a mobile application protection organization, reviewed 17 Android contact tracing apps from 17 different countries and found only one-third are equipped with basic encryption.

Guard Square researchers said this type of technology is important but warned against sacrificing security for speed.

For the apps to provide meaningful data, a large portion of the population needs to download the tracker.

California representative Anna Eshoo (D-Santa Cruz) introduced the Public Health Emergency Privacy Act to limit how companies working on pandemic response efforts share personal data.