Netherlands Government Proposed COVID-19 Tracking App Exposed User Data


A mobile application for monitoring COVID-19 submitted to the government of the Netherlands has already violated proper security standards by leaking user data.

The software, Covid19 Warning, was one of seven applications submitted by RTL Nieuws to the Ministry of Health, Welfare and Sport.

The source code of the shortlisted mobile app has been released online over the weekend, as the government determines the decision. It wasn’t long before developers discovered that the source files had user data from another program.

The software contained almost 200 full names, e-mail addresses and hashed user passwords stored in a database from another project linked to an Immotef creator, according to the report.

The source code was quickly removed, but the harm was already done, and one developer described the leak as “amateurish.” A spokesman for the Covid19 Warning app said the information was “accidentally placed online” because of the quickness with which the team needed the source code for review.

The developers are working on enhancements, but the question remains whether Covid19 Alert can go forward in the ongoing selection process.

Mobile technology, particularly our smartphones and tablets, offers healthcare providers, governments and researchers the opportunity to track the spread of the new coronavirus across populations.

Forcing the general public to install these apps, however, has raised a range of privacy and security issues, including how geolocation data are processed and used elsewhere, how details can be adequately anonymized and how future monitoring could compromise the right to free travel, expression and association.

In early April, 130 scientists, academics and technology experts launched a Pan-European PPP / PEPP project to oversee the production of COVID-19 tracker applications.

At the beginning of this month, researchers at the University of Boston suggested an alternative COVID-19 monitoring system that would not hinder our privacy. A voluntary mobile app has been installed on our smartphones, which leverages short-range broadcasting technology – such as NFC and Bluetooth – and which frequently blows ID numbers to neighbouring countries.

Such numbers are stored on the computer and users can agree to share them if COVID-19 is identified to alert anyone about contacting a reported case.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.