STAYAWAY COVID: Free Software Association says disclosing app code is not enough

STAYAWAY COVID: Free Software Association says disclosing app code is not enough

The Portuguese application for tracking COVID-19 contacts has not yet been made available to the public, but it has not escaped criticism from various entities, mainly related to the security and privacy of users. ANSOL – National Association for Free Software also has concerns in this area and says that the availability of the STAYAWAY COVID code is not enough.

The association "has been following with concern the developments on the contact tracking application (ARC) STAYAWAY COVID, developed by INESC TEC" and affirms that despite the promise of INESC TEC that it will make available the source code of the application, the use of the API from Google and Apple, whose code is not scrutinable, this is limited to only a part of the application where the data of citizens pass through.

"Any model that uses code that citizens cannot scrutinize must be rejected. We are talking about health data and, therefore, very sensitive data. It is imperative that citizens know what data is collected, who collects it, and how these data go or can be used. ", says Tiago Carrondo, president of ANSOL, adding that" the mere information about who installs or not the application can be used as a source of discrimination ".

The application is now undergoing extensive testing, in a group of about 13,000 people, and Jos Orlando Pereira explained to SAPO TEK the steps that are still missing, and the fact that the source code of the application has not yet been made public.

Transparent or not? Using the Google and Apple APIs

To support the fight against COVID-19 transmission chains, with tools that identify proximity contacts that can be identified in case of positive tests for infection by the new coronavirus, Apple and Google have teamed up to develop APIs that could be used in Android and iOS operating systems, with the commitment to make this code available only to an application per country, which was supported by Governments.

Not all countries have chosen to wait for these APIs, and some have decided to go ahead with other methods, although they have already stepped back, such as the United Kingdom. After an analysis of 11 applications that it considered to be risky for the users' privacy and security, Amnesty International even revealed that it had more confidence in apps that used Google and Apple systems, and also for this reason a representative in Portugal classified the STAYAWAY COVID among those in the least dangerous group.