Among the coronavirus contact-tracing apps for which the data model is known, 70 per cent operate on a centralised system globally. This means that the location or proximity tracing data processed by the app is funnelled into a centrally run database (most likely controlled by the government or local health service) rather than being stored locally on the user’s phone.
At present, 43 Covid-19 contact-tracing apps have launched worldwide in 23 countries. For fifteen of these, the data model is unknown, but among the remaining apps, 20 are centralised compared to only eight that are decentralised, according to data compiled by Top10VPN, an organisation that conducts independent research on privacy and security issues.
The apps that are both state-run (rather than privately-owned) and decentralised include those in Austria, Czech Republic, Iceland, Indonesia, Israel and North Macedonia. Switzerland is also reportedly in the process of developing a decentralised app.
In Europe, the question of whether to build centralised or decentralised coronavirus contact-tracing apps has become the subject of an increasingly heated debate. On Monday, more than 300 academics signed a letter arguing against the development of centralised contact-tracing apps, because data held in a government database is more vulnerable to later misuse, for example as a state surveillance tool. In centralised models, governments (or whoever is running the backend server) are more likely to be able to de-anonymise the data to identify the individuals behind it.
Interestingly, the data also reveals that 64 per cent of apps have opted to track citizens using GPS data, with the remaining 36 per cent choosing Bluetooth. This is in spite of the fact that Bluetooth is widely recognised to be much more accurate.