Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.
Many countries have turned to smartphones to trace people’s movements and track their contacts, allowing officials to monitor coronavirus infections and spot new outbreaks.
But detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway’s offerings were “carrying out live or near-live tracking of users’ locations”, the rights group said.
Bahraini and Kuwaiti officials told AFP Tuesday that the apps were for the “sole” purpose of combatting the spread of the COVID-19 disease.
“The ‘BeAware’ app was designed for the sole purpose of advancing contact tracing efforts and saving lives,” said a Bahraini government spokesperson, adding that more than 402,000 people in the country had downloaded it.
“It is an entirely voluntary opt-in app… and all users are informed of its use of GPS software before downloading.”
A Kuwaiti official also said the country’s app was “solely linked to the novel coronavirus” and was “established to track people who break a mandatory 28-day self-quarantine”.
But Amnesty reported that the tools were frequently uploading GPS coordinates to central servers, meaning users’ whereabouts could be tracked in real time.
Less invasive apps use Bluetooth proximity scanning to detect encounters with infected users.
“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19,” said Claudio Guarnieri, head of Amnesty International’s security lab.
Authorities in Norway said Monday they would suspend the “Smittestopp” (Infection stop) app over privacy fears.
On Friday, Norway’s data agency, Datatilsynet, said it would stop the Norwegian Institute of Public Health handling data collected via the app.
It had previously said the limited spread of coronavirus in Norway, alongside the app’s limited effectiveness due to the small number of people actually using it, meant the invasion of privacy resulting from its use was disproportionate.
– ‘Are you at home?’ –
“The Norwegian app was highly invasive and the decision to go back to the drawing board is the right one,” Guarnieri said.
“We urge the Bahraini and Kuwaiti governments to also immediately halt the use of such intrusive apps in their current form.
“They are essentially broadcasting the locations of users to a government database in real time — this is unlikely to be necessary and proportionate.”
Amnesty singled out Bahrain for linking its tool to a televised competition called “Are you at home?” in which 10 phone numbers registered with the app were called daily to ensure self-isolation.
Prizes were awarded to those users who were called and found to be at home.
Participation in the programme was initially mandatory, but an opt-out was later introduced.
The latest warnings come just weeks after Amnesty found that a digital tool developed in Qatar had exposed the data of more than a million users.
The glitch, which was fixed shortly after Amnesty flagged it, made users’ ID numbers, locations and infection status vulnerable to hackers.
Privacy concerns over the app, which is mandatory for residents and citizens on pain of prison, had already prompted a rare backlash and forced officials to offer reassurance and concessions.
Non-compliance is punishable by up to three years in jail, the same as for failing to wear a mask in public, in a state battling one of the world’s highest per-capita infection rates.
Users and experts had criticised the array of permissions required to install the app, including access to files and allowing the software to make unprompted phone calls.
Related: Coronavirus Tracing App a Test for Privacy-Minded Germany
Related: French Virus Tracing App Goes Live Amid Debate Over Privacy
Related: European Virus Tracing Apps Highlight Battle for Privacy
Related: COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?