In June 2020, Guardsquare conducted research into the nature and level of security in use by 17 government-sponsored COVID-19 contact tracing apps built on the Android OS. Since that time, many more apps have been released, and Guardsquare has now studied 95 Android and iOS mobile contact tracing apps.
Our new data shows that 60% of these apps now use the Google/Apple Exposure Notification API, which provides privacy and security protections. However, the 40% that are still “DIY,” have applied either a minimal level of fundamental security protection techniques or no security protection techniques.
Many of these apps leverage GPS tracking resulting in sharing highly sensitive personal and device information without proper security measures in place. This leaves the apps open to potential exposure of private health information and personally identifiable information.
Download the Guardsquare report to see what our second round of research uncovered and learn why it’s so important to take the security and privacy of these public health mobile apps seriously.