Why some nations suspended, changed or restarted their Covid apps


As the U.S. government spun its wheels on an official Covid-19 response this spring, countries around the world rolled out national contact tracing apps. Starting with Singapore in mid-March, more than 40 countries have implemented digital notification systems for exposure with varying degrees of success.

Our Covid Tracing Tracker logs the app for each country and the technologies used, taking data protection aspects into account and giving everyone a transparency rating. We update the tracker regularly to document changes – for example after we have discovered that several countries have reversed data protection measures. Among other things: Countries whose apps have been suspended, restarted or replaced.

The Iranian AC19 app, which claimed to detect Covid-19 infections but actually spied on users, has been banned from the Google Play Store and no longer appears to be used. In the meantime, Japan's app has been suspended at least twice due to interference. The country plans to allow foreign travelers to attend the delayed Tokyo Olympics, provided they present negative Covid-19 tests and download tracing apps.

Some other countries initially developed their own systems but switched to the Google / Apple notification system as available. Norway just restarted a new app with the same name as the original after addressing privacy concerns and moving to the Google / Apple framework. The Finnish pilot app from earlier this year has also been replaced by an app with this technology. Similarly, in the UK, an initial test app was scrapped after it was discovered to be having problems detecting nearby iPhones. It was replaced by a Google / Apple system in September. (The new system also had problems: in November it was reported that the app failed to notify users to quarantine them after coming into contact with infected people.)

Some nationwide apps in the US have similarly suffered from false starts and relaunches. For example, the app for North and South Dakota violated its own privacy policy. Many US states do not yet have an exposure notification app at all.

For each app, we document who produces it and where it is available. We also ask five questions based on the principles of the American Civil Liberties Union.

  • Is it voluntary? In some cases apps are enabled – in other places many or all citizens are forced to download and use them.
  • Are there any restrictions on the use of the data? Data can sometimes be used for purposes other than public health, such as: B. Law Enforcement – and these uses can take longer than covid-19.
  • Will data be destroyed after a while? The data the apps collect shouldn't take forever. If it is automatically deleted in a reasonable time (usually a maximum of 30 days) or the app allows users to manually delete their own data, we will award a star.
  • Is data collection minimized? Does the app only collect the information it needs to do what it says it does?
  • Is the effort transparent? Transparency can come in the form of clear, publicly available guidelines and designs, an open source code base, or all of these.

If we can answer yes to every question, the app will receive a star. If we cannot answer yes – either because the answer is negative or because it is unknown – the rating is left blank. There's also a field for notes that can help put things into context.

In addition, we document the basic technology on which the app is based. Here is an explanation of the key terms.

  • Location: Some apps identify a person's contacts by tracking the phone's movements (such as using GPS or triangulation of nearby cell towers) and looking for other phones that have spent time in the same location.
  • Bluetooth: Some systems use proximity tracking, where phones use bluetooth to exchange encrypted tokens with other phones in the vicinity. This information is easier to anonymize and is generally seen as better for privacy than location tracking.
  • Google / Apple: Many apps are based on a system developed jointly by Google and Apple. It allows iOS and Android phones to communicate with each other over Bluetooth, so developers can create a contact tracking app that works for both. The exposure notification function is now built right into some smartphone operating systems.
  • DP-3T: This stands for decentralized, privacy-preserving proximity tracking. It is an open source protocol for Bluetooth-based tracking in which the contact logs of an individual phone are only stored locally, so that no central authority can know who has been exposed.

A public version of the underlying data is stored in a tab of this read-only table. If you have an update, correction or addition to the tracker, please send us the relevant information by email at [email protected]

This story is part of the Pandemic Technology Project supported by the Rockefeller Foundation.


Steven Gregory