key: cord-0593607-poi07feq authors: Azad, Muhammad Ajmal; Arshad, Junaid; Akmal, Ali; Abdullah, Sidrah; Ahmad, Farhan; Imran, Muhammad; Riaz, Farhan title: A First Look at Contact Tracing Apps date: 2020-06-23 journal: nan DOI: nan sha: 1f4a143d82317db7170b9b3eacb6ee339ec7bb6a doc_id: 593607 cord_uid: poi07feq Today's smartphones come with a large number of powerful additional devices such as a low power Bluetooth sensor, powerful embedded sensors such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and camera. These value-added sensors revolutionize many sectors of today's community including tracking, social networking, healthcare, manufacturing, and monitoring of the environment, etc. These additional embedded sensors could be used for large-scale personal, group, and community sensing applications. Governments and regulators are turning to use these features of the smartphone technology to trace the people thought to have symptoms of certain diseases or virus e.g. COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking and isolating the persons showing COVID-19 symptoms in-order to overcome the contagious disease. As the embedded sensors could disclose private information of the users thus potentially bring threat to the privacy and security of users. In this paper, we analyzed a large set of smartphone applications that have been designed by the governments to deal with the COVID-19 outbreak and bring the people back to normal life. Specifically, we analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices is transported to the analytics center, what security measures apps have deployed, and what privacy threats these features could have. It is believed that virus that causes the novel COVID-19 disease spread mainly from having close interaction or contact with the person already being affected with the virus and still carrying the attributes of the virus. Since December 2019, work has already been begun on the development potential vaccine, however, till the arrival of the vaccine, the only possible protection solution is to track and isolate the infected people and trace people who recently in close contact with them. For this purpose, several countries have turned into the development of smartphone apps for tracing, tracking, and informing their citizen about the possible danger when they are in close contact with the COVID-19 affected person. A large number of government and non-government contact tracing apps have been developed for different platforms namely android, windows, and IOS. Figure 1 presents the building block and working mechanism of the contact tracing apps [1] . The contact-tracing apps exchange information when the phones of two persons are close enough to each other. These close contacts then will be informed if the other people who are so closed to him have been officially infected with the COVID-19. These apps can only serve as the anchor point to inform citizens and provide suggestions on whether they should go to isolation or not. These apps have already shown efficiency in controlling the spread of the virus in South Korea and Singapore and flatten the spread curve through effect test and then Trace mechanism [2] , [3] . The developed contact-tracing apps are largely developed by the national or country lead health regulators. To provide a reliable and efficient decision, the developed apps utilize the information from various smartphone sensors (GPS, Bluetooth) along with names, addresses, gender, age, contact details, calling log history, and contact history, etc to make the decision. These apps either interact automatically with national health systems for the test results of the citizens or citizens manually provide test results to the health organization. For instance, upon downloading, Pakistan's track & trace app requests permission to use the device's location and user personal details such as name, phone number, and email address and that the data will be shared with a third party. The current version of this app (as of June-2020) then uses the device's location and the location of users with positive COVID-19 test results to render a map showing highlevel hotspots for COVID-19 infections. Similarly, the app developed by Google and Apple uses the Bluetooth beacons to be exchanged information between two persons who are in close contact with each other. Some countries use the call detailed records to trace the close contact of the infected person and isolate them as well. The use of these apps is normally voluntary and consider as the support to control the spread of the virus. The developed app requests for permission of the Private user data e.g. contact details, call history, web searches, camera permissions, access to call records, messages, and mobile media (videos and photos). This information would pose serious privacy and security risks to the users and limit users to use these apps. The privacy of users may be protected through the use of different mechanism e.g. data anonymization, differential privacy, and decentralized app development of apps [4] . However, it is already identified that anonymization systems are not providing effective privacy-preservation [5]- [7] and decentralized app development is still at the early stage and progressing very slowly. In this paper, we provide a first look at the permission and privacy analysis of the contact tracing apps available at the Android and IOS app stores. We have studied the app stores to define the nature of the privacy risks these apps, what types of permissions these apps required for their functioning, which permissions are unnecessary, and how they store and process the user data. Currently, only a small number of certified apps (developed by the country regulator) are available at the play stores, so we performed an exhaustive manual analysis on the available apps. Our analysis shows that the majority of the track and trace apps collect personal information such as name, device ID, and location however some apps require access to further resources such as SMS, microphone, camera, and storage of the device. Access to such resources is not required for the accurate function of such apps and therefore should not be requested by the developers. Furthermore, a number of apps disclose sharing data with third parties however a minimal number of these intimate users or require their permissions before sharing data with third parties. As track and trace apps are voluntary and rely on the public's trust to achieve their function effectively [8] , addressing concerns with regards to data collection and sharing are paramount to their success to combat COVID-19. The rest of the paper is organized as follows: Section II provides a discussion on privacy and permission analysis of mobile apps and work performed towards the development of track and trace apps. Section III defines the background on the trace and track smart applications. The section also provides the working mechanism and important features of developed apps. Section IV critically analyse the security and privacy of different apps and section V concludes the paper. A large number of works have been presented that analyses the functionality of smartphone apps and the leakage of the sensitive information of their users [9] - [11] . In this section, we summarize the works related to security and privacy smartphone apps. A large number of people are currently downloading and using contact-tracing apps and hence the privacy in using these apps has become very important topics for the research and privacy regulation. The regulators such as the Federal Trade Commission, the US National Telecommunication and information administrations, the European Union Commission [12], [13] , Information Commissioners Office [14] are analyzing and providing the guidelines to the app developers, content creators, website operators to improve the development of their products in terms of security and privacy of their apps. Smartphone apps normally get access to user data and other information through the use of permission [15] that the users provide to the smartphone app at the time of installation. For example, an app might want the permission of the user to see the location of the user, the messages stored on the mobile phone, the search history, etc. The user can still control the permission after the installation. Providing permission to various private information would expose the private information of users to the advertisers, insurance companies [16] , [17] , and publicly expose personal data of the users without the users consent [18] , [19] . A large number of smartphones also ask unnecessary permission that is not required for the functionality of the app, these apps might pose a serious threat to privacy and security of the users [20] , [21] . Muhammad et al. [22] , [23] analyzed the security and privacy of smartphone apps designed for blocking the advertisement and providing mobile VPN clients. Ilaria et al. [24] analyzed the permissions requested by the smartphone apps and assigned a sensitivity score to the app if the app asked to read the personal information of the users. They concluded that around 56% of the app asks users to provide permission to sensitive parts of the users data. Barrera et al. [25] investigated the relationship between free android apps and the most popular 1100 Android apps by deploying machine learning methods. It is also concluded that people are willing to spend on smartphone apps if apps are asking for a lesser number of permissions. Enck et al. [26] proposed a lightweight certification mechanism to identified Android apps that are asking for suspicious permissions. Pern et al. [27] studied the user-consent permission systems by using the user-centric data from the Facebook apps, chrome browser extensions, and Android smartphone apps. It is very important to develop tools or applications that inform users about the privacy indicator of the apps they are using for specific purposes. To address this issue, Max et al. [28] developed a prototype that provides users about privacy indicators of the app. The prototype also identifies previously exposed hidden information flows out of the apps. Contact tracing with smartphones can be employed to restrict the transmission of a pandemic disease. Utilizing computing technologies to avert and control the pandemic seems to be an obvious choice. However, these contact tracing apps might invade privacy, collect personal data, and justify mass surveillance against users' wishes. There must be a protocol for contact tracing that observes commitment to privacy, as well as provides the consent mechanism where there is a need to share individual data. Contact tracing may collect personal data such as location which is not an effective privacy control when it comes to user's data [29] . The process of contact tracing usually involves collecting users' privacy information without informing them. Privacy-literate individuals might be reluctant to share their information which in turn hampers the process of contact tracing. Privacy-preserving approaches might encourage individuals to participate more in this process and increase their confidence in those applications [30] . Prominent privacy researchers from across the world are arguing with the government agencies and vendors involved in developing the contact-tracing application about the privacy and highlighted the catastrophic consequences these apps would have on the citizens private lives [31] , [32] . Berke et al. [33] utilized the semantics of private set interaction for assessing the risk exposure of users using encrypted and anonymous GPS locations. Manish et al. [34] analyzed the privacy preservation mechanism for various contact tracing applications and discussed the attributes which contact-tracing apps should have to ensure the privacy of users. Michael et al [35] discussed the ethical consideration of contact-tracing apps for fighting against the COVID-19. Several contacttracing application has been compared in [36] in terms of data collection, retention of data, purpose, and sharing of collected data, what mechanisms the apps have deployed to ensure the privacy of users. Most recently, Carmela et al. [4] describes and analyses a decentralized system for secure and privacypreserving proximity tracing to combat the spread of COVID-19. The system is solely based on the anonymous identifiers of positive users of the COVID-19 without providing the exact location information to the health authorities. Health authorities or any other users would not be able to learn the private information of the users except a notification message when a person is exposed to COVID-19 affected person. The Centers for Disease Control and Prevention (CDS) have issued guidelines that define a set of features a contact tracing apps should have help health departments to overcome the COVID-19 pandemic [37] . Many contact tracing applications involve tracing users using GPS, Bluetooth, and wireless technologies [38] - [43] . These approaches usually provide users with two options. Either the user has to self-report themselves, or the application takes the help of a wireless technology [30] . Contact tracing is an important tool for the community to prevent the outspread of novel pandemic diseases, such as COVID-19 [44] . In past contact-tracing tools have shown effectiveness against the spread of transmissible diseases such as STD, HIV, Ebola, and tuberculosis [45] , [46] . Contact tracing is the process of identifying persons who are in close contact with the infected person so that exposed targets can be informed to have self-isolation and quarantine, thus breaking the chain of transmission [29] . The current outbreak of COVID-19 and its highly contagious feature motivates technology developer to develop smartphone apps for the effective tracing of the footprint of the disease. In this section, we provide the architectural setup of contact-tracing apps and their significance towards controlling the spread of disease. The design of contact-tracing apps is mainly using data from the users thus has some privacy concerns which motivate the developer to come up with privacy-preserving solutions. The privacy of users can be addressed using the centralized and decentralized system setup. The centralized and decentralized apps entirely have different architecture and properties shown in Figure 2 and explained below. 1) Centralised models: In the centralized setup, the smartphone of the users having specific contact-tracing apps send the random identifier to the centralized trusted system. The centralized system in this setup holds the information from all users of the app. If a person has tested positive for the COVID-19 virus, the identifier of other users who have exchanged identifiers in the past can be sent to the centralized server along with other information e.g. time data is sent, a time when identifiers are exchanged, etc. The centralized system decrypts the identifiers and automatically notifies the interacted phones suggesting or informing users to self-isolate or take other preventive measures. The centralized system can also utilize the available information for further analysis and policies for placing lockdown in hard-hit proximities. 2) Decentralised models: In the decentralized setup there is not a trusted centralized system that exists for the handling of the user's data and matching of smartphones identifier. If a person is diagnosed positive with the COVID-19, the identifier of his phone and test result is uploaded to the centralized system. Other smartphones having the app can access these reports and locally establish the truth whether he was close to an infected individual or not. If a smartphone comes across the identity that has COVID-19 then alert is the sent to the user of the smartphone for precaution and self-isolation. The location and proximity of the person are not known to the centralized system thus ensuring the privacy of the users using the app. The health organizations or the government still used the shared data to understand the spread of the virus in the community but would not have detailed information about the users. Since the outbreak of the COVID-19 pandemic in December 2019, as of June 2020, there exists no medicine or vaccine to fight against the rapidly spreading pandemic. Governments across the world are currently focusing on the ways that would have the least load on their health systems. This has been achieved through imposing travel restrictions or lockdown restrictions on the people however, it not only effecting the economy but also fears the second wave of infection once the lockdown restrictions are relaxed. The governments are finding ways to identify the methods for contact tracing to quickly identify and isolate the infected person. The manual contact tracing is not only slow, have a late response, but would also require resources for identifying infected persons and then asking for his contact and then contacts of his contacts to track the flow of the disease. The technologies soon realized the importance of smartphones and used the inbuilt smartphone sensors for tracking in an automated and efficient way. The use of digital technologies help the citizen at the early stage of the virus spread and inform people for the isolation at the early stage. The use of smartphone apps for contact tracing has shown promising results in several countries to combat the spread of the virus, however, the performance efficiency depends on the number of people using the application. One thing that limit the usage of the app is the privacy, because a large number of existing apps store data at the central trusted system, and in some circumstance, this data is made available to the third party systems for performing artificial Intelligence and data analysis. As the healthcare officers and medical entities are working together worldwide to fight the spread of this pandemic, Google and Apple have joined an effort and developed a privacy-preserving contact tracing API that uses Bluetooth signals [47] . This framework allows healthcare agencies to propose or develop the smartphone apps that helps in limiting the spread of the disease with the help of Bluetooth technology. This API will bring interoperability between iOS and Android devices while maintaining privacy, consent, and transparency [48] . A test project, PACT (Private Automated Contact Tracing), was built at MIT to harness the strength of Bluetooth-based, privacy-preserving, automated contact tracing API. This project detects proximity between contacts with the help of Bluetooth signals within a 6-foot radius. Instead of relying on the GPS, this system sends out random Bluetooth numbers, which can later be updated to a database with the user's consent [49] . The first large scale-pilot for this joint venture has been launched in Switzerland, known as SwissCovid. This application determines the close contact that lasted for more than 15 minutes and notifies the user with the procedure to follow [50] . Apple also released a new application for COVID-19 based on CDC guidelines that provide COVID-19 information across the USA. In this application, the users have to answer some questions related to recent exposure and risk factors. In return, they get a CDC recommendation on what their next step is to be. However, this application does not replace a healthcare worker in any way [51] , [52] . Another application, "HEALTHLYNKED COVID-19 Tracker", which became the most downloaded coronavirus tracker application for March. The application enables users to track local cases and chat with other users around the world. The most unique feature of this application is that it enables real-time chat with other users and share updates [53] , [54] . In this section, we will present our approach to studying current contact tracing apps for COVID-19. We have focused on smartphone apps for any platform (iOS, Android, Microsoft) and available anywhere in the world. Although there appears a concerted effort by governments across the globe to contain the pandemic, we identified through our analysis that many such apps have been developed by third-party individuals or organizations. Therefore, we have included these in our analysis. Furthermore, as the contact tracing technology is still in its early stages (especially within the context of COVID-19), although many apps claim to perform track and trace function, their effectiveness in this respect is subjective. As our aim for this study was to achieve an in-depth analysis of the state-of-the-art, we used exhaustive search techniques to identify available applications across all platforms, irrespective of the country in focus or the developing organization (government and private). Further, due to the difficulties faced by several countries to achieve effective contact tracing, we did not exclude apps performing the partial or limited function in this regard. Overall, we identified 26 smartphone apps that claim to perform contact tracing in their description (in google play or app store) belonging to 17 different countries. Details of these apps are presented in table V with a brief description of some apps presented below. • COVID-19 Gov PK is an app developed by the government of Pakistan. Initially, the application provided awareness to citizens about COVID-19, however, with the development of the new radius alert feature, this application requires access to the user's location at the time of installation [55] . • Health Canada is developed by the government of Canada to provide a personalized recommendation to the users based on their risk factors. Personal data collected is only used by Health Canada and is not shared with any other application or agency [56] . • The government of Vietnam has developed an application named COVID-19 which includes features such as chatbot, consultation, and live updates on COVID-19. The application requires access to media, location, storage, device ID, and call logs. The application's privacy policies are updated in its native language [57] . • COVID19 -DXB Smart App is developed by the government of Dubai and provides general information on COVID-19 and also provides correct statistics. The application collects personal information voluntarily but does not share with the third-party applications unless required by the law [58] . • COVI is a third-party COVID-19 informative app developed by Droobi, a Qatar based digital company that deals with the development of science-based programs. The application has introductory materials on COVID-19, accurate updates from the Ministry of Health, Qatar and WHO, and useful tips to prevent the spread of the Corona virus. This application collects personal data such as contact information, age, health information, and unique identifiers, etc [59] . • Corona360 is an app developed in South Korea which enables users to update their COVID-19 status as well as view the status of other people. For privacy reasons, the app does not collect any personal information such as ID, name, or phone number [60] . • CoronaCheck is a third-party application has been developed to enable its users to conduct self-assessment and provide accurate expert COVID-19 information to the users. This application does not collect any personal information and does not share data with third-party vendors [61] . Our study of these apps consisted of analyzing publicly available information shared by the app developers and platform i.e. privacy policy, permissions requested, and user reviews. Furthermore, as some of the apps did not use SSL, we performed black-box testing of the apps using the Burp suite to analyze the network traffic during the app usage. The traffic analysis did indeed help us identify the information collected by these apps and shared with back-end servers which are liable to interception using network sniffing software. Permissions required by a smartphone app are significant as they communicate with the user the resources required by the app to perform its function. Therefore, presenting the user with a list of permissions not only achieves transparency (providing the user an insight into the app operation) but it also serves to seek user consent. Within the context of our study, we have gathered information about the permissions required by the track and trace apps under study. Figure 3 presents a graphical representation of the distribution of the apps with respect to permissions required by them. As presented in Figure 3 , we expected the majority of the apps to require access to location data of a device however our study also identified permissions requested by the apps which are not necessary to perform their function. For instance, we identified 06 apps that require access to SMS and call information of the device. In some scenarios access to phone numbers can be envisioned however access to SMS within a device is not essential to the function of a track and trace app. Similarly, we identified 04 apps to require access to the camera of the device which is of course an unexpected request by a track and trace app. Furthermore, four of the apps studied require access to the microphone of the device whereas 05 apps requiring access to media and storage of the device which are of course not critical to the app's function. Such apps are indeed causing for concern concerning the privacy of their users and exemplify a lack of attention to the security and privacy of users by the app developers. To understand the privacy considerations applied for the apps within our study, our analysis took into account the privacy policy published by the application developer as well as the use of basic privacy protection mechanisms such as SSL/TLS to achieve encrypted data transmissions. Through the study of privacy policies of the apps, we concluded that most of the apps collect personal data such as location information, name, and phone number, etc. This is expected as such information is vital for an effective track and trace function however appropriate mechanisms should be applied to ensure secure sharing, processing, and storage of such data. Such details were not available for most of the apps analyzed in this study. Furthermore, an interesting observation we made was the type of information gathered by the apps. Specifically, our analysis identified that the track and trace app developed by Dubai collects specific personal information such as date of birth, name, email address, and caller ID. This level of information is not required for effective track and trace but it would in effect risk the privacy of users under real threat as any malicious actor with access to such information can easily perform attacks such as ID theft. We believe the data collection policies for such apps require immediate attention to minimize risk to individual user privacy. Another aspect concerning privacy of information collected is how the stored and shared by the apps. In this respect, our analysis revealed that 10 of the apps studied share data with third parties however the nature and identity of such parties is not identified in the privacy policies. This is a cause of concern concerning individual privacy as the aims of sharing this data are not clear and therefore users are not aware of how their data may be used. For instance, a common apprehension among users is the sharing of data with advertisement agencies who may wish to use such data for targeted advertisement and adware. Having said this, we also identified examples of good practice within our analysis. Specifically, some of the apps clearly state requirements for user consent before sharing data with third parties thereby assuring users with respect to how their data is shared. For instance, Corona360 (the app developed by the government of South Korea) collects personal and sensitive data of users but whenever the data is used, the user is notified for the reason of data usage. In addition to the above, our analysis also uncovered security vulnerabilities within some apps. In particular, we identified 05 apps that were not using SSL/TLS to ensure secure communication made through the app. Pursuing this direction of analysis, we conducted traffic monitoring of such apps and identified serious flaws in the app developed by the government of Pakistan. Details of these vulnerabilities have been reported to the relevant authorities however such vulnerabilities do put user privacy at risk especially where the app is collecting and utilizing personal user data. In addition to the permissions requested, privacy policy, and traffic analysis of the worldwide COVID-19 track and trace apps, we have also studied user comments available in Google Play and App Store reviewing these apps. Although the majority of these comments are related to the usability and general function of the app, we found some comments to be insightful with respect to how the app collects and utilizes data. For instance, the app developed by the government of Israel was commented by a user to ask for users' permission when sharing data with third parties as well as to guarantee not to send the data anywhere but compare it locally on user's device against downloaded "Corona paths". Another interesting observation was made for the Corona-Datenspende app, where user comments suggest that one cannot use the app without connecting to a fitness account and hence completely breaking the point of anonymity. As suggested by the user, connecting to the app via a fitness app such as Fitbit indeed does indicate sharing personal user data across different apps which is a risk to user privacy. Through analysis of the user reviews of apps, we observed that although some of the users have included concerns about privacy of information through their feedback, these are relative minor proportion of users. For instance, for the COVID-19 Gov PK app, user review include comments highlighting lack of encryption and concerns about data travelling in plaintext. However, for apps such as Corona-Datenspende which requires a user to connect to a fitness app as a pre-requisite, there are no user comments with regards to how data is captured, analyzed, stored and processed between the thirdparty fitness app and the government app for CVOID-19. These observations reflect lack of awareness among users with regards to measures to preserve privacy of personal data collected, stored and analyzed by computing systems therefore requiring efforts to raise awareness among users. As Coronavirus is a contagious disease that spreads through human contact, contract tracing is vital to containing its spread. Furthermore, mobile devices present an ideal platform to introduce contract tracing software due to their ease of use, widespread ownership and personalized usage. Therefore, several smartphone apps have been developed by governments, international agencies, and other parties. However, there is an increasing concern regarding the collection of data, outsourcing data to the third-party system. In this paper, we analyzed a large set of contact-tracing apps for different security and privacy metrics. Specifically, we analyzed contacttracing apps for permission analysis, privacy analysis, the security of the apps, and reviews of the users. Across the analyzed applications, we found that the proposed apps were more likely to require unnecessary permissions, outsource the data to the third-party system. We have also identified that some apps (used in developing countries) are not adopting proper security measures for the exchange of the data to and from the user to the data centers. Our analysis of the user reviews and the ratings for contact-tracing apps suggested that a large number of users are aware of privacy concerns these apps might to them. As a part of our future work, we are looking to develop a survey questioner that directly considers the feedback from users to further understand the usability and security concerns of users. Quantifying sarscov-2 transmission suggests epidemic control with digital contact tracing Test, trace, contain: how south korea flattened its coronavirus curve How digital contact tracing slowed covid-19 in east asia De-anonymizing social networks Robust de-anonymization of large sparse datasets An automated social graph deanonymization technique Coronavirus: Nhs contact tracing app needs 60% takeup to be successful, expert warns Pscout: Analyzing the android permission specification Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones jekyll and hyde is risky: Sharedeverything threat mitigation in dual-instance apps General data protection regulation gdpr Mobile privacy principles promoting consumer privacy in the mobile ecosystem Mobile privacy disclosures: Building trust through transparency: A federal trade commission staff report The effectiveness of application permissions Many popular android apps leak sensitive data, leaving millions of consumers at risk Researchers spot thousands of android apps leaking user data through misconfigured firebase databases On the leakage of personally identifiable information via online social networks Why does your data leak? uncovering the data leakage in cloud from mobile apps Analyzing unnecessary permissions requested by android apps based on users' opinions Reducing permission requests in mobile apps A first look at mobile ad-blocking apps An analysis of the privacy and security risks of android vpn permission-enabled apps Improving user choice through better mobile apps transparency and permissions analysis A methodology for empirical analysis of permission-based security models and its application to android On lightweight mobile phone application certification Is this app safe? a large scale study on application permissions and risk signals Better the devil you know: Exposing the data sharing practices of smartphone apps Peer-to-peer contact tracing: Development of a privacy-preserving smartphone app Contain: Privacy-oriented contact tracing protocols for epidemics Joint statement on contact tracing: Date Contact tracing in the real world Contact tracing mobile apps for covid-19: Privacy considerations and related trade-offs Privacy guidelines for contact tracing applications Ethics of instantaneous contact tracing using mobile phone apps in the control of the covid-19 pandemic Privacy & pandemics: The role of mobile apps (chart) Preliminary criteria for the evaluation of digital contact tracing tools for covid-19 Epic: Efficient privacypreserving contact tracing for infection detection Use of a mobile application for ebola contact tracing and monitoring in northern sierra leone: a proof-of-concept study Enact: Encounter-based architecture for contact tracing Mobile application for dengue fever monitoring and tracking via gps: Case study for fiji Privacy-preserving inference of social relationships from location data: A vision paper Epimap: Towards quantifying contact networks for understanding epidemiology in developing countries Contact tracing mobile apps for covid-19: Privacy considerations and related trade-offs Introduction of mobile health tools to support ebola surveillance and contact tracing in guinea Contact tracing to control infectious disease: when enough is enough Privacy-preserving contact tracing Apple and google partner on covid-19 contact tracing technology Covid-19 digital contact tracing: Apple and google work together as mit tests validity The world's first contact-tracing app using google and apple's api goes live Apple releases new covid-19 app and website based on cdc guidance Covid-19 screening tool Healthlynked corp.'s covid-19 tracker no.1 most downloaded app in apple medical store for march Healthlynked Application developed to deal with corona virus Covid-19 Covid19 -dxb smart app Covi Corona360 Coronacheck