What are the risks involved with these apps and are they worth it?

As we mentioned before in this article, the Uruguayan Presidential Office has teamed up with several local institutions and companies in the development of its official website and application to fight COVID-19, called Coronavirus.uy. This app optimizes communication between the population and health services, providing people with features such as drive-through testing and telemedicine for those who’ve tested positive. 

During the first stage of development, Abstracta collaborated with the project by testing the performance of the app, but now that we are in the second stage, we’ve started testing the exposure notification feature (previously known as contact tracing) that has just been launched this week. 

This article from coronabicho.uy (in Spanish) explains why the name “contact tracing” isn’t quite accurate, “The applications that are being developed don’t track or trace our location or the people with whom we were in contact. A better name would be exposure notification or proximity tracing.”

Since exposure notification apps are relatively new to me, I decided to do some research on the subject and create a short guide to address some of the most frequently asked questions and some of the controversy. You will find references and links to further readings throughout this article that I hope help you better understand how exposure notification technologies work.

I’d also like to say that I’m no expert on this topic. If you have any questions or find some data that you consider inaccurate, please leave a comment! 

How Exposure Notification Apps are Helping in the Fight Against COVID-19

Manual contact tracing is one of the oldest public health strategies to control the spread of diseases. However, what exposure notification apps are trying to do is to simplify that tedious and time consuming detective work through automation. If we can quickly and accurately know who was in contact with an infected person, not only can healthcare companies optimize time and costs, but also avoid more infections and ultimately save more lives.

How do we automate exposure notifications? Basically, with an app that allows individuals to keep a record of every cell phone that was in proximity to them recently. If a person who was close to you tests positive, as soon as that person makes it public, your phone and all the other ones that were close to it will receive a notification. This way, every person who was at risk of infection could take a test at an early stage and avoid the spread of the virus to others.

If only infected people are isolated, it won’t be possible to fight the virus. It’s necessary to isolate asymptomatic individuals too. The ultimate goal of this, as mentioned here, is to reopen the economy as soon as possible while keeping the number of infections under control.

To better understand how exposure notification applications can help prevent COVID-19 spread, I recommend this article by Tomás Pueyo that shows some great research and analysis regarding exposure notification and models that are being created to analyze huge amounts of data. 

Ultimately, the research shows that it’s necessary for 60 – 90% of the population to adopt exposure notification technologies for them to really become useful.

On the other hand, there are other articles claiming that the adoption rate doesn’t have to be that high in order to contribute to the cause, such as this one published by MIT Technology Review. 

Here’s How Exposure Notification Apps Work

These applications generally use bluetooth, a wireless technology that consumes very little battery power to keep track of all the phones that you come across that also have the same app running. In some countries, other technologies such as GPS or a combination of technologies are used. 

Uruguay in particular is following the guidelines set by Apple and Google.

They’re providing an API that allows the official apps access to the list of all the cellphones that were within a certain distance from each other during a period of time. Having access to this information allows governments and companies to use it to develop their exposure notification applications.

Privacy Concerns

However, as beneficial as the technology sounds, there are many questions around the collection and use of personal information.

Here are some of the main confidentiality rules Apple and Google are committed to respecting:

• Only teams working with official health agencies can access the information these APIs provide.
• A decentralized approach has to be implemented, meaning that no central server will store any data about who crossed paths with whom, instead that information will reside in each cell phone.
• It won’t be possible to store location information.
• User consent is required. No one will be forced to share anything if they don’t want to.

If you want a deeper yet simple explanation, here is a great article.

You can also watch this 90s video game-style video that explains it thoroughly:

And here is a useful diagram that explains how exposure notification technology works from this research article: 

Coronavirus UY App Confidentiality and Features

Different countries are taking individual approaches in relation to the use of exposure notification technologies in their applications. Below, I will share how the Coronavirus UY app will work in Uruguay, and specifically, who will have access to the tracing data.

It’s worth noting that in Uruguay, the Ministry of Public Health will be the one who defines how far apart cell phones have to be to determine which encounters are most risky, therefore, it will also be the one that decides who will receive a test recommendation too. For example, it could be a six foot distance for longer than five minutes.

When health providers test for coronavirus, they have to know the individual’s information, such as ID and phone number, in order to give them the results. If the test results are positive, the healthcare provider will send a notification to the patient’s cellphone and to the app if the patient is a registered user. 

So far, none of this process is anonymous, but it isn’t so different from a normal medical examination where the provider knows the results. Undergoing medical exams, registering for an online patient portal to receive results online, or giving your personal information to your health insurance are nothing new. However, when it comes to location history, exchange of keys through bluetooth, and Google and Apple APIs, the identity of the users is protected because this information is not linked to them.

Eventually, when an app is running on a device, it will get all the keys that returned a positive result from the Ministry of Public Health servers and the operating system (Android or iOS) will locally make the “match” between the COVID-19 positive keys returned by the servers and the keys that the device exchanged with other devices. If the server keys match those on the cell phone, then that person came across a positive COVID-19 individual and they will be recommended to get tested.

Privacy Risks

As explained in this article, the data privacy aspect is what worries people the most.

Who will make sure exposure notification apps will deliver on their privacy promises? What are the real risks of a cyber attack or a leak of sensitive information? 

Luckily, in Uruguay, we’re using a decentralized approach in which GPS isn’t involved, and no information is stored in a centralized server. However, in other countries, geolocation data is used jointly with a centralized approach which carries a much greater privacy risk.

Currently, Google and Apple are providing an API, but it’s possible that in a next stage, more things will be solved at an operating system level. This opens up another great debate about the power that these companies have over our data and our private information.

My View

Here’s what I think as a software tester about the possible risks and success of Uruguay’s exposure notification app:

• For the app to be really effective, it’s imperative that a large number of people use it. That’s why one of the most important things is to spread the word about the app. Once you’re a user, you just need to keep your cellphone with you at all times and keep Bluetooth on.
• If you use the app, there is a risk of information leaking to Google, Apple or governments, such as location history, test results, or even more information than we think, unrelated to the COVID-19 situation (which is exactly the same risk that exists with any other app we use on a daily basis). 
• False positives can happen if the app notifies you that you came across someone who’s infected when in reality, you didn’t. This could happen if there’s a wall between you and someone six feet away (like neighbors in an apartment building). There’s also no way to check that someone actually had their cell phone with them at the time (perhaps they left it somewhere or someone else had it, etc.).
• False negatives can happen if the app doesn’t properly register all the devices it came across less than six feet away. This can happen due to how inaccurate bluetooth technology is, especially considering that there can be hundreds of different devices at the same place and each has different bluetooth antennas, they handle different intensities, etc. 
• Different situations can cause people to distrust the app. If people begin to interact more as the economy opens, it could cause them to receive a higher volume of notifications, creating a general state of alert or a mistrust of what the app is reporting.

From Abstracta, we’ve been working on testing Uruguay’s exposure notification app in different situations to learn how the application behaves and what its limitations are in order to reduce or mitigate the risk of these errors.

Something important to clarify is that the app doesn’t require users to identify themselves if they don’t want to, but they can still receive notifications.

However, it’s crucial to cooperate and understand that by reporting, we are helping not only ourselves, but everyone else.

We feel a great sense of responsibility and honor for having the chance to participate in such an impactful project.

Google’s CEO, Sundar Pichai, even recognized Uruguay and its government for being the first country in South America to utilize exposure notification app technology:

#Uruguay, 1st Latam country implementing #Exposure Notification app with @Google ‘s API. Congrats @OmarPaganini, @MIEM_Uruguay professionals, software team, and private companies involved. Read the letter from @sundarpichai to our President 👇#Covid19 #altogether pic.twitter.com/Cr1q8RomKX

— Juan J. Moreno (@JOTA_uy) June 13, 2020

All our team is really motivated just as all the other companies and organizations collaborating with it are. 

It’s a huge challenge with very high expectations. 

Technology Can Help Fight the Virus

As explained in this article by Tomas Pueyo, when using this exposure notification apps, there are several considerations that we have to take into account. Is it really worth putting our privacy at risk? What personal information are we willing to release to help stop the spread of the virus? Is the risk too great or isn’t it?

Governments and companies like Apple and Google already have a treasure trove of information about us and I truly believe that it’s worth the risk, considering the negative impact versus the possible advantages that this technology can offer us in these difficult times.

What’s your take? Would you use one of these apps?

Leave a comment!

---

Recommended for You

How a Band of Tech Companies is Helping to Face COVID-19 in Uruguay
Model-Based Testing Using State Machines