Menu

Wide Angle

Morocco’s Covid-19 contact tracing app and the online privacy claims

Morocco’s newly launched Covid-19 contact tracing app has been subjected to an online campaign of posts and messages claiming that it is not secure. To IT experts, said app is a safe tool and not a spyware.

DR
Estimated read time: 2'

On June 1, Morocco launched its Covid-19 contact tracing app. Dubbed «Wiqaytna», the smartphone app was developed to help find and alert the contacts of people infected with the coronavirus. However, the newly launched contact tracing app has been subjected to an online boycott campaign.

WhatsApp messages, posts on Facebook and on other social media platforms have been urging Moroccans to avoid downloading the app, claiming that it if installed it would access the user’s contact lists, photos and messages.

A boycott campaign

«To all my contacts, who will install the Covid-19 contact tracing app, please remove me from your phone contact list and Facebook before installing the app on your smartphone», read a message shared via WhatsApp and posted on Facebook.

«If you have this app, all your contacts will be known and tracked, against their will», the same text claimed. «I will not use this app, I also protect my contacts», it concluded.

Moroccan internet users have been sharing a similar call on social media. «I urge all my friends who have my phone number and want to install the Covid-19 contact tracing app to remove me from their contact list. I will be grateful if you did that», read the post.

Reacting to these «warnings», the Health Ministry said, Tuesday, on its Facebook account that «Wiqaytna respects confidentiality and personal data», recalling that «the processing of data is authorized by the National Committee for the control of personal data (CNDP)» and that it is based on an open source code.

The ministry added that Wiqaytna only uses Bluetooth technology and therefore «cannot monitor user movements». «The only mandatory parameter obtained by the app is the phone number of the application user», while «the collected data is stored on the mobile phone of the application user and is only transferred to the central information server of the Ministry of Health when the user tests positive for Covid-19». And this transfer is also consensual.

«Safe» application to install, with «normal» permissions

Earlier this week, a Facebook page called Moroccan Hackers posted the comments of Moroccan IT expert Ahmed Lekssays. The latter analyzed the Android version of the app and its source code, which is available on GitHub.

He explained that the permissions requested in the source code published by the department and those of the application available for download are «identical». The «permissions seemed normal and expected. They were mainly about Bluetooth LE, internet, and some necessary permissions to keep the app running in the background», the expert said.

«Regarding my comments on the ongoing privacy/security debate, the application is not a spyware. People talking about it as 'the government will access our messages, photos, etc.." are wrong claims. The application does not do or ask for anything of the kind».

Ahmed Lekssays

The expert explains, however, that the app accesses the location of the device. «The application can access your location at any moment, but it was not used to track you. It was used for the other features to work», he insisted.

«it would need a proper research to see if the protocols used in data exchange in this process are secure or not because the majority of applications use a protocol called 'Just Works' which is insecure by design. So far, it is safe to install in your devices», he concluded.

Be the first one to comment on our articles...