New Delhi: A survey conducted on apps launched by various state governments to tackle Covid-19-related issues has found that most of them lack specific privacy policies and some do not have one at all.
Conducted by The Centre for Internet and Society (CIS), the survey looks at 17 apps launched across the country — Covid Care Arunachal Pradesh, Kavach Chhattisgarh, Covid-19 West Bengal, Quarantine Watch Karnataka, Corona Watch Karnataka, Test Yourself Goa, Covid-19 Quarantine Monitor Tamil Nadu, Test Yourself Puducherry, Cova Punjab, CG Covid-19 ePass Chhattisgarh, UP Government SelfQuarantine App, Mahakavach Maharashtra, MP Covid Response App, Haryana Sahayak, Covid 19 Odisha and GoK Direct Kerala.
Data for the study was collected between 26 May and 3 July.
Conceptualised, researched and written by CIS’ Senior Policy Officer Pallavi Bedi and Executive Director Amber Sinha, the survey states that while the Aarogya Setu app has been criticised for loopholes in its privacy policy, there are many state government apps that have “largely escaped attention and public scrutiny” but pose similar concerns if not worse.
Apps launched by the governments of Karnataka, Tamil Nadu, and Uttarakhand monitor movements of quarantined people and provide information on the number of Covid-19 patients across the state.
Those launched by Punjab, Haryana and Odisha offer contact tracing and identification of hotspots.
Also read: India has at least 62 apps to deal with Covid, but they all do the same job mostly
‘No app provides information on how long data will be stored’
CIS states that the survey is an “empirical research based on publicly available data” on the 17 apps and information available about them on the Google Play Store.
The survey reveals that three apps — Covid Care Arunachal Pradesh, Kavach Chhattisgarh and Covid-19 West Bengal — do not have any privacy policy.
Apps without specific privacy policy “are often vague, and fail to specify important details such as the time period for which the data shall be retained and specific use cases for the data”, it states.
Ten others, including Quarantine Watch Karnataka, Test Yourself Goa and Tamil Nadu’s Covid-19 Quarantine Monitor, do not have any specific privacy policy, which means “they either direct the user to the privacy policy of the developer of the app or to the website of the concerned state government”.
Only Cova Punjab and Haryana Sahayak were found to have anonymised the data collected.
No app, the survey states, provides any information on how long the data will be stored for and when it will be deleted.
All of the 17 apps ask for permissions to access data such as storage, IMEI number, web browser, IP address and media files of the user — none of which are required to fulfill their intended purpose, says the survey.
Also, no app offers a sunset clause — an automatic repeal of the entire or sections of the law once a specific date is reached — which means there is no clarity regarding the app’s functionality once the pandemic is over.
Also read: Shashi Tharoor: Aarogya Setu fits right in with Modi govt’s push for greater state control