COVID-19: Portuguese Track&Trace App "STAYAWAY" — Invasion of privacy?
The new STAYAWAY COVID app is finally available for iPhone and Android, after several postponements.
Through this app — sponsored by the Portuguese Government — each of us can receive warnings if we’ve been in contact with someone who’s been registered as diagnosed with COVID-19.
When it was announced, STAYAWAY COVID generated some amount of controversy: what kind of information is shared through my phone with the government, if I install the app? Is my location going to be permanently available? How much of my privacy is questioned with this piece of software?
These questions are understandable; there’s so much that happens on our phones that we don’t understand or know how to control. It’s worth exploring the way this app works, and deciding whether to install it once we understand it a bit better.
Behind the screen
First and foremost, we must clarify the end goal of this app. The user can receive a notification if they’ve been in contact with someone who’s now infected and has had the app installed too.
This app is not unique in the world: during this pandemic, several apps — most of them sponsored directly by national governments — have been developed with the same purpose.
For a more consistent approach, Apple and Google — the companies behind the operating systems within iPhones and Android phones — have come together and developed a system that allows any participating smartphone to communicate with others in an anonymous and secure way. This decentralised system avoids data being kept under the responsibility of a single entity, and makes it harder to get away with abusing the system.
Both operating systems have been updated so that only when the user sets up an app like STAYAWAY, can the phone register any information and send out alerts.
STAYAWAY (and many other apps built for the same purpose) use Apple and Google’s shared mechanism, especially because this way, all apps that have chosen this method can communicate with one another and alert people that have been exposed even if that happened abroad.
How does this shared mechanism work then? At first glance it looks complicated but it was designed to be simple and robust.
The phone frequently changes its ID/“alias”, while keeping in its proximity logbook the IDs of other phones.
The app doesn’t require any registration or authentication — in effect it does not know who we are.
The phone does not record your location, nor does it access contacts, messages, cameras or microphones. In any case, it’s important to remember that nowadays any app needs to actively ask the user for permission to reach this kind of content.
The app generates a random ID that is unique for the phone. This ID changes throughout the day, but the phone keeps a list of the IDs it has had, like a secret agent keeping score of the aliases they’ve used.
Through Bluetooth — which needs to be kept on at all times — the phone listens for any other devices emitting their IDs. If another device is near enough to your phone (with a signal strength that indicates two meters or less, for 15 minutes or longer), each phone saves the other’s ID.
Your phone will only locally keep a list of the IDs it has encountered for the last 14 days — let’s call it a “proximity logbook”.
If someone has a positive diagnosis, the doctor will provide them with a confirmation code to type into the app — this is a voluntary action. When the code is typed in, the infected individual’s phone will send its list of “aliases” to the app’s server.
Once per day, all phones that have the app download the list of “aliases” that have been marked as infected. If any of the infected “aliases” match your phone’s “proximity logbook”, your phone will notify you.
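To make the mechanism described above concrete, here is a small simulation of the decentralised scheme: rotating aliases, a local proximity logbook pruned after 14 days, a one-time diagnosis code that uploads only the infected phone’s own aliases, and matching done entirely on each phone. This is an added example written for this article, not code from STAYAWAY or from the Apple/Google framework; the signal-strength threshold, the once-a-day alias rotation and the diagnosis code are assumed simplifications, and all phones and contacts are constructed.

```python
"""Toy simulation of decentralised exposure notification (constructed example).

Assumptions (not taken from STAYAWAY or the Apple/Google framework):
  - an alias is a random 16-byte value, rotated once per simulated day
  - "within two metres" is modelled as a Bluetooth RSSI threshold
  - contact time per alias is accumulated in minutes
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field

RETENTION_DAYS = 14          # the proximity logbook only covers the last 14 days
PROXIMITY_RSSI_DBM = -65     # assumed: a signal at least this strong ~ two metres or less
MIN_EXPOSURE_MINUTES = 15    # contacts shorter than this do not count


class Server:
    """Holds nothing but the aliases of phones whose owners typed a valid code."""

    def __init__(self, valid_codes: set[str]) -> None:
        self.codes = set(valid_codes)   # one-time codes handed out by doctors (constructed)
        self.infected: set[bytes] = set()

    def accept_upload(self, code: str, aliases: list[bytes]) -> bool:
        if code not in self.codes:
            return False                # unknown or already used code: reject
        self.codes.discard(code)        # each code works exactly once
        self.infected.update(aliases)   # the server never sees a logbook, only aliases
        return True

    def published_aliases(self) -> frozenset[bytes]:
        return frozenset(self.infected)  # the daily download every phone performs


@dataclass
class Phone:
    name: str                                        # only used for the demo, never sent
    own_aliases: list[tuple[int, bytes]] = field(default_factory=list)
    logbook: dict[tuple[int, bytes], int] = field(default_factory=dict)  # (day, alias) -> minutes
    current_alias: bytes = b""

    def rotate_alias(self, day: int) -> None:
        """Pick a fresh random alias and forget anything older than 14 days."""
        self.current_alias = secrets.token_bytes(16)
        self.own_aliases.append((day, self.current_alias))
        cutoff = day - RETENTION_DAYS
        self.own_aliases = [(d, a) for d, a in self.own_aliases if d > cutoff]
        self.logbook = {k: v for k, v in self.logbook.items() if k[0] > cutoff}

    def hear(self, other_alias: bytes, day: int, rssi_dbm: int, minutes: int) -> None:
        """Record a nearby alias; signals too weak (too far away) are ignored."""
        if rssi_dbm < PROXIMITY_RSSI_DBM:
            return
        key = (day, other_alias)
        self.logbook[key] = self.logbook.get(key, 0) + minutes

    def report_diagnosis(self, server: Server, code: str) -> bool:
        """Voluntary upload of this phone's own aliases, not of its logbook."""
        return server.accept_upload(code, [a for _, a in self.own_aliases])

    def check_exposure(self, server: Server) -> list[tuple[bytes, int]]:
        """Local matching: which logged aliases are infected and were close long enough?"""
        infected = server.published_aliases()
        return [(alias, mins) for (_, alias), mins in self.logbook.items()
                if alias in infected and mins >= MIN_EXPOSURE_MINUTES]


def simulate() -> dict:
    """Run a constructed scenario and return what each party ends up knowing."""
    server = Server(valid_codes={"CODE-CONSTRUCTED-1"})
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    today = 20                                   # day counter; real dates are irrelevant
    for day in range(3, today + 1):
        for phone in (alice, bob, carol, dave):
            phone.rotate_alias(day)
        if day == 3:                             # long contact, but 17 days ago: pruned
            alice.hear(bob.current_alias, day, -55, 30)
            bob.hear(alice.current_alias, day, -55, 30)
        if day == 18:
            alice.hear(bob.current_alias, day, -60, 20)   # close and long enough
            bob.hear(alice.current_alias, day, -60, 20)
            carol.hear(bob.current_alias, day, -60, 5)    # close but too brief
            bob.hear(carol.current_alias, day, -60, 5)
            dave.hear(bob.current_alias, day, -85, 40)    # long but too far away
            bob.hear(dave.current_alias, day, -85, 40)
    accepted = bob.report_diagnosis(server, "CODE-CONSTRUCTED-1")   # Bob is diagnosed
    replay = bob.report_diagnosis(server, "CODE-CONSTRUCTED-1")     # code cannot be reused
    others = {a for p in (alice, carol, dave) for _, a in p.own_aliases}
    return {
        "upload_accepted": accepted,
        "replay_accepted": replay,
        "alice_notified": bool(alice.check_exposure(server)),
        "carol_notified": bool(carol.check_exposure(server)),
        "dave_notified": bool(dave.check_exposure(server)),
        "bob_notified": bool(bob.check_exposure(server)),
        "aliases_published": len(server.published_aliases()),
        "server_saw_other_phones": bool(server.published_aliases() & others),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Only Alice is notified: Carol’s contact was too short, Dave’s was too far away, and the contact from day 3 fell out of the 14-day window. The server ends up holding fourteen random aliases from Bob’s phone and nothing else; no name, no logbook, no alias belonging to anyone he met.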
Should I be worried?
In my opinion, no. Because:
Effective disguises
The app can’t match a phone to a citizen. So, even if it were monitoring what we do, it wouldn’t be able to link any behaviour to specific individuals.
The ID system is very cleverly built: one phone has several “aliases” throughout time and only it knows that list. In the same way, only the phone itself knows its “proximity logbook”. There’s no sharing of names, phone numbers, locations, etc. The phone only downloads a list of “infected aliases” once a day, and pings you if necessary.
The app doesn’t need anything except for access to the internet and Bluetooth. It should be noted that some versions of Android bundle access to “location services” such as Wifi, Bluetooth and GPS. So, in those cases, to access Bluetooth the app will need to ask for “location services”. More recent Android versions allow the user to forbid an app from accessing GPS while keeping just Bluetooth.
There’s a conscious effort with this approach to keep data privacy — starting with not collecting virtually any data at all.
Other apps that work differently can be more problematic. In its original version, the official UK app — NHS Test and Trace — used a centralised approach that demanded the user register with their personal data, and registered all contacts centrally, capturing a history of proximity between citizens.
This approach gives the government an excuse to access a large amount of information about individuals in a way that cannot be monitored and is unnecessary; in this case we should indeed be concerned.
It bears stating clearly that this approach also did not access phones’ GPS.
The final version of the app adopted a format very similar to our STAYAWAY app, even though the developers refused to adopt the system created by Apple and Google.
In a final remark, our fear of our personal data being used against us is not unfounded. And in fact, our concerns already match reality. But instead of a government trying to constrain our freedom, private companies like Google, Facebook and Amazon use our data to make us spend more money, manipulating our behaviour without us realising.
Even if they need to be understood and deconstructed, our fears are there for a reason.
You can download the apps for iPhone and Android here, without any fears of having your privacy invaded.
Thank you for taking an interest in this article! I write one or two articles per month. If you’d like to receive them via email, drop me a message ☺️ I’ve got this automated for my Portuguese articles, so let me know!