Privacy experts have branded a planned NHS coronavirus tracking app ‘Orwellian’, but say it may be necessary for the country to survive the pandemic, according to an article in the Daily Mail.
No specific details of the ‘opt-in’ app have been revealed but it would likely make use of GPS and mobile phone location data to track users with the virus. Privacy experts have warned that if the highest level of data protection and privacy isn’t in place ‘it would be too easy for information to fall into the wrong hands’.
An official Coronavirus app in the UK will likely be a source of necessary information for the British general public, whether that be advice and guidance, or statistics and general up-to-date news. You would assume that such app data will be hosted on secure servers, but it is just as crucial to secure the data during runtime on the endpoints, which, in this case, is the phones and tablets running the app.
We see that too many high-value apps that possess critical data run within untrusted environments, like insecure operating systems without necessary protection in place. The threat of targeted mobile malware would be enormous to an app like this.
Mobile malware is especially dangerous on Android, where numerous malware strains have been found to spread through the Google Play store. Apple’s iOS is not 100% safe either, with some malicious apps making their way onto the App Store for brief periods of time. Malware can be distributed to target this app. As a result, the app would need to be given the highest possible protection, as a matter of public safety.
From an attacker’s point of view, the app can potentially be reverse-engineered, and If they are able to masquerade as the official government Coronavirus app, they could portray fake advice and guidance, that looks as though it’s coming from heads of state. They could also display false statistics and news stories, causing mass panic.
In times of such uncertainty and misinformation, it is important that governments realise how sophisticated mobile malware is, and if they choose to move forward with such an app, to work together with app security experts to ensure the highest level of security is upheld.