#COVID19 Tracing App Leaks User Data

A Dutch COVID-19 tracking app has leaked user data as it made its source code available for scrutiny, according to local reports.

The Covid19 Alert application was one of seven shortlisted by the government to help the country emerge from lockdown via widespread contact tracing.

However, in the race to get their source code online, its developers managed to post files containing 200 names, emails and encrypted passwords from another app it is linked to, according to local site RTL Nieuws.

The accidental breach has been reported to the local authorities, with the developers admitting that in putting the source code online as soon as possible, they made a mistake.

It would seem unlikely that the app will make it through the next round of scrutiny.

The incident highlights the potential security and privacy risks involved in developing software at speed that will eventually be rolled out to as much of the populace as possible.

With lockdown measures across Europe and much of the world severely restricting economic growth, the stakes for a swift relaxation of the rules couldn’t be higher. However, experts are agreed that to do so, governments must have in place rigorous testing and tracing capabilities.

Privacy groups have already warned that the latter could be used by certain regimes to usher in a new era of expanded digital surveillance. China appears to be leading the way on this.

The European data protection supervisor recently called for an EU-wide approach to ensure any apps being developed at a national level are consistent with the GDPR.

He and the UK information commissioner believe that tracing apps can be designed to comply with the privacy regulation, as long as certain conditions are met.

The ICO said on Friday that developers must be transparent about data collection processes, personal data use should be necessary and proportionate, systems must be as decentralized as possible, governance and accountability should be in place and there should be an exit strategy once such data is no longer needed.

What’s Hot on Infosecurity Magazine?