A Comparative Review of Contact Tracing Apps in ASEAN Countries
2020-06-02
The TraceTogether created by Singapore is least intrusive when judged on privacy communications and gets the highest overall privacy marks
Introduction
As governments in ASEAN relax lockdown restrictions, Covid-19 contact-tracing smartphone apps are being introduced to help limit any renewed spread of the coronavirus.
What these apps basically do is to allow their users to be better equipped when they participate in the contact tracing process. Specifically, GPS / Bluetooth technology is used to track the locations of all individuals with whom the user of the app may have been in contact.
The users' mobile phone exchanges ID-related information of their mobile phones via short-distance Bluetooth signals with other mobile phones with the same app. If a user has been exposed to an infected person who has also downloaded the app, the user is asked to share their contact history in their mobile phone with the relevant government agency.
Since users will be running such apps in the background on their Android phones, can these smart apps be trusted? How privacy-intrusive are they? Many people are reluctant to download such apps for fear of constant government surveillance. They worry the app will spy on them by extracting all kinds of personal related information from their mobile phones.
We decided to find out if these worries are justified. To do so, we assembled a local team of IAPP (International Association of Privacy Professionals) certified information privacy managers in ASEAN to do a detailed privacy sweep of contact tracing smart apps made available by the governments of five ASEAN countries.
| Malaysia | MyTrace |
| Singapore | *TraceTogether |
| Thailand | MorChana - หมอชนะ |
| Indonesia | PeduliLindungi |
| Vietnam | Blue Zone |
| The Philippines | StaySafe |
Methodology of our Privacy Sweep
We decided to benchmark the contact tracing apps against the survey parameters used by the Global Privacy Enforcement Network (GPEN), which conducted a global privacy sweep of mobile apps back in 2014. That sweep involved the participation of 25 privacy enforcement authorities around the world. (View the full report here.) It assessed the following:
- the types of permissions sought by a surveyed app
- whether those permissions exceeded what would be expected based on the app's functionality
- most importantly, how the app explained to consumers why it wanted the personal data and what it planned to do with it
To understand this, we will first take a look at app 'permissions' in general.
Understanding App Permissions
A 'permission' in an app protects the privacy of the user of the app. Every app must include an 'app manifest' that, amongst other things, lists the permissions that the app uses.
Every mobile phone has an operating system, most commonly the Android operating system (Google) or the iOS (Apple) operating system. The vast majority of mobile phones are 'Android phones' and they have two 'permissions' categories:
- Normal permissions: these permissions do not directly risk the user's privacy - for example, permission to set the time zone is a normal permission. If an app
Already a member?
Unlock these benefits
Get access to news, enforcement cases, events, and actionable tips and guides
Get regular email updates and offers
Job opportunities, mentorship and career guidance
Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.