COVID-19 Tracking App Concerns

E.J. Hilbert
6 min readApr 18, 2020

Last week, the media reported that Apple and Google had joined forces to create a COVID Contact Tracking App (CCT app). Various journalists touted the app would be secure and completely anonymous. Anyone who used it would maintain their privacy. Some reports had local healthcare providers sharing patient data to the app, others claimed users would self-report. One reporter claimed it was the only sensible way to restart the economy. And another stated they trust Apple and Google to build a system to protect their health data.

The basic gist of the design was mobile devices to ping other mobile devices in the immediate area and report if the mobile device user was infected with COVID or had encountered someone infected with COVID.

The app would not reveal which device in the area was “positive” only that one in the area was “positive.”

Unlike many who seemed to be awed by Apple and Google joining forces, my first thought on the news was there is no way it will be anonymous or truly effective.

I shared some of my concerns in a series of posts on LinkedIn and while leaving the haters aside, those who wanted to understand my concerns asked if I would put them all together in one article. This is that article.

Understand, my take on the CCT app is based solely on media reports. I have not talked with Apple or Google.

There are some assumptions that need to be made at the start:

1. A method to track exposure is required

2. Apple and Google app builders had altruistic intent when they devised the app

3. The app will be installed on mobile devices and will require updates, refresh keys and other technical changes over time

4. The app will require someone to input the users “COVID” status for use by the beaconing function of the app.

The need to track exposure exists, there is no denying that. However, an app like this relies on people knowing that they have been infected or in proximity to someone infected. This data set requires people to be tested and to have received results. Per the CDC, less than 1% of the total population of the US has been tested for COVID as of 4/17/2020. In other words, 99% of the population has no clue if they are infected or truly been in contact with an infected person. The effectiveness of tracking and warning a person of potential exposure is extremely limited.

E.J. Hilbert

Work in the CyberSecurity and Privacy Arena worldwide, Owner of KCECyber, Ex-FBI. All opinions posted are my own !!!