With the launch of the NHS contact-tracing app just around the corner, 48% of UK citizens do not trust the UK government to keep their information safe from bad actors, according to a nationwide survey released on May 27.
The new NHS COVID-19 contact-tracing app is designed to “slow the spread of coronavirus whilst protecting your privacy,” as it won’t ask for any personal information such as name or email, and won’t collect any personal information. As an additional precaution, the NHS states that “all users are assigned a random installation ID by the NHS.
The National Health Service will securely store the “first part of your postcode, your installation ID, and your phone make and model.”
Despite the extra layers of security promoted by the NHS, around 43% of respondents expressed concerns that the app would give malicious actors the opportunity to send smishing messages or phishing emails, and 52% said that they lack the know-how to differentiate between a legitimate email or text message and a phishing or smishing message.
Their worry is quite understandable. The COVID-19 pandemic has been accompanied by a surge in coronavirus-related attacks, and the number of phishing emails mimicking government and health institutions has skyrocketed.
The report revealed additional concerns as well. 33% of respondents said they worry the app could allow the government to track their whereabouts, while 36% believe the app might let the government collect data on them.
Although the app’s initial testing started on the Isle of Wight, the British government hopes that the nationwide release “will play a central role in how the UK manages the rate of COVID-19 transmission alongside restrictions on social distancing.”
Even with guarantees of privacy and anonymity of users, cyber criminals will likely try leveraging the release of the contact-tracing app. There are also concerns regarding the exploitation of Bluetooth vulnerabilities, since the app uses low-energy Bluetooth signals to keep track of any possible infected persons by transmitting an anonymous ID.