A model for a contact tracing app that protects personal data has been developed by an interdisciplinary team at the Technical University of Munich (TUM). The researchers have created an encryption process that enables people who have come into close contact with a COVID-19-positive individual to be warned without their phones recognizing the infected person’s temporary contact number (TCN).
Contact tracing apps are seen as a crucial tool in slowing the spread of COVID-19 and helping to end lockdown measures, with a number currently in development in countries such as the UK. However, concerns over individual privacy regarding their use have been flagged in recent weeks, including fears that the personal data collected could be targeted by cyber-criminals.
Mobiles on which these apps are installed use Bluetooth technology to exchange randomly generated TCNs, which constantly change. The TCNs are collected locally on the devices and stored for a limited period. If someone tests positive for COVID-19, that person’s contacts are immediately notified.
Through an encryption process called private set intersection cardinality, the TUM team have found a means of cross-checking TCNs of infected individuals against those collected on mobile phones without the need to load the TCNs onto their contact’s phones.
“As a result, the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimized to a large extent,” explained physicist Kilian Holzapfel, TUM.
A successful qualification request for the app’s decentralized standard to the Bluetooth Special Interest Group has already been submitted. A prototype of the app is currently being tested with the Android operating system; however, the team expect it to be a few more weeks before it is available for use.