Israel’s Covid-19 proximity detection app rolls out, with much criticism
Experts highlight problems in the app’s security, code, privacy protection and methodology
The app was designed to be voluntarily downloaded by the Israeli public to help the Ministry of Health in its battle against the spread of Covid-19, amid a second wave of the outbreak that the country is experiencing, by detecting potential contacts between people infected with coronavirus and healthy individuals. However, privacy and information security experts caution against collecting data via GPS and against the decision not to develop the app according to the accepted standards of similar systems around the world.
The original version of the Magen app (Hebrew for shield) was based on GPS geographical detection alone. The app recorded the location of the user and used that data to send out alerts to other users who had been in their proximity if the user was found to be a carrier of the virus.
Bluetooth-based information does not include the user's physical location but rather a list of devices that were nearby, and it is considered more accurate, especially in enclosed spaces such as malls or office towers (GPS cannot detect altitude, and identifies users on the first floor and the 20th floor as being in close proximity).
The launch of the app is an important step in upgrading the health services’ system of epidemiological tests and cutting off infection chains, and if the app is installed by a significant percentage of Israelis (according to preliminary studies, a double-digit rate of users is sufficient), it can eliminate the need to employ the controversial phone tracking program currently being used by the Israel Security Agency, the Shin Bet, which is primarily a national security-focused spy agency.
"It is important that there be massive downloading of the app. Every citizen who uses it will help protect their own health, the health of their relatives and the health of Israeli citizens," Health Minister Yuli Edelstein said in a press release.
However, experts who spoke to Calcalist highlighted various problems with the app, primarily the decision not to base it on the open protocol developed by Google and Apple for the use of such apps (mostly, it seems, because this protocol only allows the use of Bluetooth and does not allow the collection of information from GPS).
"When there is a certain way that the whole world operates by, going against it will create problems," said Ran Bar-Zik, a senior programmer at Verizon Media. "The problems I am already seeing are inaccuracies and very serious battery problems. I also received complaints that it can not be installed on Android devices, including those that are not very old, Note 5 for example. It is not a medieval device, it is only a few years old. Once you do not follow the standards, the problems start. Deploying a system that was not built according to the accepted standards is just an invitation for problems of all kinds."
Professor Karine Nahon of IDC Herzliya, one of the founders of Privacy Israel, had comments in a similar vein. “I am glad that the decision-makers have finally decided to launch a civilian alternative (to Shin Bet tracking). But it would have been good if the application was based only on contacts (Bluetooth) and not also on location. Bluetooth is more accurate, and also compatible with Apple and Google’s operating systems. Once they wanted to add GPS location tracing, they had to build a dedicated app, which took longer, and has not yet been proven to be functional.”
Bar-Zik added that, as opposed to the previous version, there were no security experts involved in the development of Magen 2.0. “Last time Omri Segev Moyal, a world-renowned expert, accompanied the development. This time, no one did,” he said. He added, however, that the app was a necessary evil. “I know that good people worked on it and it’s far preferable to Shin Bet tracking. I installed the app, albeit with a heavy heart, because it is the best option we have. Out of all the government agencies, the health ministry operates best from a technological perspective. I am not 100% pleased, but it’s still okay.”
Hacker Noam Rotem said that the app suffers from problems in its code. "The person who wrote the cryptographic implementation - a protocol designed to ensure users' privacy and that it is impossible to fool the Ministry of Health by inserting fake information - checked the app's code and found that the developers simply copied his code with errors, and did not really understand what was going on there and what it is supposed to do. The released code contains incorrect cryptographic realization that nullifies the state’s ability to verify the accuracy of the information."
Jonathan Klinger from the Digital Rights Movement examined the app's privacy agreements and found some notable issues there as well. "The documents are very readable and it is clear that whoever wrote them knows what they’re doing. The problem is that because they wrote them so well, it was very difficult to hide the problems in the document," he said. "The first, and the most essential, is that there are contradictions. There is a document in Hebrew and in English and they are completely different. But this is not the only contradiction.
“There is also a difference between the terms of use and the privacy document. The terms of use state that the Ministry of Health will access data stored on Google; the privacy policy states that the ministry will receive the data from the application itself. Not only that: while the document says in black and white that the code is identical to the code on the GitHub website, Noam Rotem revealed yesterday that there are differences between the two versions, which allows things to be inserted through the back door. Another problem, a bit technical but very significant, is that the agreement does not address the right of each of us to access the information stored on it.”
Nahon also criticized the decision to continue the Shin Bet’s program in parallel to launching the app. "The fact that the Shin Bet continues its program in the background while the state asks the public to download an app will make it difficult for the Magen 2.0 app to gain traction for widespread use," she estimated. "People will say to themselves, 'Why do I need two sources to trace me, and then maybe there's more risk I'll be sent into quarantine?' We proposed in the Foreign Affairs and Defense Committee that they employ Magen 2 instead of the Shin Bet tracking."