Viability Rating
The Viability Rating of a technological intervention considers its capacity to complement pandemic management with due regard to its population penetration, privacy and effectiveness implications.
Technology interventions are scored on the basis of:
- Population Penetration: What portion of its serviceable audience1 can the specific measure cater to.
- Privacy: How well does the intervention fare against the principles of data protection.
- Effectiveness: The ability to achieve the stated result.
A composite Viability Rating has been computed on the basis of the above factors and has been rated as:
- Cyan (high/good) if any two of Population Penetration, Privacy or Effectiveness are cyan and third is yellow.
- Yellow (medium/average) if any two of the three criteria are yellow, OR exactly one of the three criteria is magenta.
- Magenta (low/poor) if any two are magenta, OR any two are yellow and the third is magenta.
A comparative assessment of the viability rating of 30 apps has been undertaken by the authors of this post. It can be accessed here.
Population Penetration
The population penetration of the underlying technology will serve as a baseline to determine how much of its serviceable audience will be able to take advantage of a given technological intervention. This can determine the extent to its benefits and costs are spread among those affected in such a way that no group or individual receives less than a minimum benefit level or maximum cost level.
To assess the population penetration of the technology interventions, internet access is considered a primary factor. For interventions where the use of Bluetooth Low Energy is being proposed for contact tracing, an additional scaling factor is applied to account for a percentage of phones that may not support its use due to hardware limitations. This forms a reasonable basis to determine equity since exclusion based on the technology interventions studied in this document will result in the costs being borne by those who lack uninterrupted access to the internet on their terms. Further, of those who do have access, 30-40% do not use the internet on a daily basis.
Technology interventions were classified as Cyan, Yellow and Magenta based on:
- Cyan: If more than 65% of the serviceable audience can be expected to have access to the internet connection.
- Yellow: If 35%-65% of the serviceable audience can be expected to have access to the internet.
- Magenta: If less than 35% of the serviceable audience is expected to have access to the internet.
The following factors could not be factored quantitatively into the equity assessment exercise at this time as either pan-India or state level, rural/urban breakdown of data were not available
- Multiple Language support.
- Gender/Class/Caste divide in internet access.
- Smartphone penetration by state.
- Need for additional capabilities like GPS, Gyroscopes, Accelerometers to improve accuracy which may or may not be available depending on the market segment a device belongs to.
- Tendency to share a single mobile internet connection or smartphone among multiple users.
- Exclusion from benefits on the basis of the lack of accessibility.
- Diffused costs versus concentrated benefits accruing from 6.
Name | Technology Used | Scalability | Estimated percentage of people: | Score | |
| Included % | Not Included % | ||||
| Aarogya Setu (Pan – India) | Bluetooth, GPS | ~50% handsets may not support Bluetooth based contact tracing. | 25 – 30 | 70 – 75 | |
| BeAwareBahrain (Bahrain) | GPS, Bluetooth, Image Processing | ~10% handsets may not support Bluetooth based contact tracing. | 85 – 90 | 10 – 15 | |
| CG COVID19 E-pass (Chattisgarh) | Form Entry, GPS | 30 – 35 | 60 – 65 | ||
| Close Contact Detector (China) | Government surveillance data | 60 – 65 | 35 – 40 | ||
| COBuddy – COVID19 tool (Tamil Nadu) | GPS, Image Processing | 60 – 65 | 35 – 40 | ||
| Corona 100m (South Korea) | GPS | 90 – 95 | 5 – 10 | ||
| Coronawatch (Karnataka) | GPS | 60 – 65 | 35 – 40 | ||
| COVID Locator (Goa) | GPS | 75 – 80 | 20 -25 | ||
| COVID-19 Quarantine Monitor (Tamil Nadu) | GPS, Image Processing | 60 – 65 | 35 – 40 | ||
| CovTracer (Cyprus) | GPS, Bluetooth | ~10% handsets may not support Bluetooth based contact tracing. | 80 – 85 | 15 – 20 | |
| eRouška (Czech Republic) | Bluetooth | ~10% handsets may not support Bluetooth based contact tracing. | 75 – 80 | 20 – 25 | |
| Grid (Jharkhand) | GPS, Image Processing | Limited to 1 district only | |||
| HaMagen/ The Shield (Israel) | GPS (real time location) | 80 -85 | 15 – 20 | ||
| Haryana Sahayak (Haryana) | GPS, Image Processing | 50 – 55 | 45 – 50 | ||
| Health Code (China) | Algorithmic Scoring | 60 – 65 | 35 – 40 | ||
| Kavach (Chattisgarh) | Form Entry | 30 – 35 | 60 – 65 | ||
| KSP Clear Pass (Karnataka) | Form Entry, Image Processing | 60 – 65 | 35 – 40 | ||
| MahaKavach (Maharashtra) | GPS, Image Processing | 60 – 65 | 30 – 35 | ||
| nCOVID-19 Nagaland – Visitors App (Nagaland) | GPS, Image Processing | 45 – 50 | 50 – 55 | ||
| PeduliLindung (Indonesia) | GPS, Bluetooth, Geofencing | ~50% handsets may not support Bluetooth based contact tracing. | 15 – 20 | 80 – 85 | |
| Quarantine watch (Karnataka) | GPS, Image Processing | 60 – 65 | 35 – 40 | ||
| RajCop Citizen (Rajasthan) | – | 45 – 50 | 50 – 55 | ||
| Rakning C-19 (Iceland) | GPS | 95+ | <5 | ||
| SMC COVID 19 Tracker (Surat, Gujrat) | GPS, Image Processing | 65 – 70 | 30 – 35 | ||
| StayHomeSafe (Hong Kong) | Geofencing | 90 – 95 | 5 – 10 | ||
| StopKorona! (North Macedonia) | Bluetooth | ~10% handsets may not support Bluetooth based contact tracing. | 70 – 75 | 25 -30 | |
| Stopp Corona (Austria) | Bluetooth | ~10% handsets may not support Bluetooth based contact tracing. | 75 – 80 | 20 – 25 | |
| T COVID 19 (Telangana) | – | 55 – 60 | 40 – 45 | ||
| TraceTogether (Singapore) | Bluetooth | ~10% handsets may not support Bluetooth based contact tracing. | 85 – 90 | 10 – 15 | |
| UP Self Quarantine App (Uttar Pradesh) | GPS | 30 – 35 | 65 – 70 | ||
| WeTrace (Cebu – Philippines) | GPS, Bluetooth | ~50% handsets may not support Bluetooth based contact tracing. | 30 – 35 | 60 – 65 | |
Privacy
Personally identifiable data forms the basis of all the technological interventions proposed across the globe. The consequential effects on the right to privacy of the individual and measures to preserve the data collected need to be scrutinised to ensure that immediate interests of the State would not lead to abysmal infringement of individual liberties.
The major factors considered, upon the existence of a privacy policy is the method of addressing:
- Purpose limitation: Whether the data collected has been explicitly demonstrated to be used for the limited purpose of managing the pandemic?
- Permissions sought vis-à-vis intent: Whether the permissions sought by the App for data collection, limits itself to the stated intent of the App?
- Possibility of deanonymisation: Whether the data points collected and the data security practices stated by the privacy policy indicate the ease of deanonymising data?
- Data retention: Whether there exists a clear statement on data retention policy?
- Oversight accountability on data collected: Whether clear indications on oversight accountability have been laid down on storage of collected data?
The technological interventions have been classified as red, yellow and green on the basis of their performance on these above mentioned metrics.
- Cyan: A clear privacy policy exists with explicit statements on purpose limitation, data retention and oversight accountability on the data collected. The permissions sought by the App for data collection are minimal and stick to the intention of the App. The App collects only relevant data points and the security practices are adequate to protect sensitive personal data.
- Yellow: A privacy policy exists but is not clear on purpose limitation, data retention and oversight accountability on the data collected. The App collects multiple data points which may be irrelevant and the security practices are inadequate to protect sensitive personal data. There are possibilities of sharing such data with third parties beyond the purpose of pandemic management, without informed consent of the generator of the data.
- Magenta: The privacy policy does not exist, or is a standard form policy generated from the internet. Concerns of data retention or oversight accountability are not addressed. The permissions sought by the App for data collection is excessive and irrelevant to the intention of the App. The security practices are inadequate to protect sensitive personal data. The data collected may be shared with third parties beyond the purpose of pandemic management, without informed consent of the generator of the data.
| Name | Use-case(s) | Technology Used | Privacy Policy | Remarks on Privacy Policy | Purpose Limitation | Permissions sought vis-a-vis intent | Data Retention | Possibility of Deanonymisation | Oversight Accountability on collected Data | Score |
| Aarogya Setu (Pan-India) | Contact Tracing, E-Pass, Risk Determination, Informatory | Bluetooth, GPS | Yes | It allows for unbridled access without informed consent. | Not limited | Not complied with | 30 days after deletion of account | High | GoI and Local | |
| BeAwareBahrain (Bahrain) | Contact tracing, quarantine tracking, Informatory | Bluetooth,GPS, Image Processing | Yes | Not App specific, but redirects to the privacy policy of the national portal of Bahrain. | Not limited | Not complied with | As long as necessary | High | Centralised | |
| CG COVID19 E-pass (Chattisgarh) | E-pass | Form input, GPS (based on privacy policy language) | Yes | Vague and Firebase generated. | Moderately limited | Moderately complied with. | Unspecified | Moderate | Unspecified | |
| Close Contact Detector (China) | Contact Tracing | Government surveillance data | Unknown | – | – | – | Unspecified | – | Centralised | |
| COBuddy – COVID19 tool (Tamil Nadu) | Quarantine Tracking, SOS for services | GPS, Image Processing | Yes | Redirects to the Facetagr website, the privacy policy of which hosts the App privacy policy. Highly intrusive. | Not limited | Minimally complied with | Unspecified | High | Unspecified | |
| Corona 100m (South Korea) | Contact Tracing, Informatory | GPS | Yes | – | Limited | Moderately complied with | Unspecified | Moderate | Centralised-non State owned | |
| Coronawatch (Karnataka) | Informatory, Contact tracing | GPS | Yes | Vague and not clear if it is App specific. (Same as the KGIS website) | Moderately Limited | Not complied with. | Unspecified | Moderate | Presumably GoK | |
| COVID-19 Quarantine Monitor (Tamil Nadu) | Quarantine tracking | GPS, Image Processing | Yes | Inapplicable as it is limited to e-sevai portal of GoTN | – | Not complied with | Unspecified | High | Unspecified | |
| CovTracer (Cyprus) | Contact Tracing | GPS, Bluetooth | Yes | Detailed and clear, but represents scope for other uses | Moderately Limited | Moderately complied with | 1 year | Moderate | Loca land Centralised | |
| eRouška – part of smart quarantine (Czech Republic) | Contact Tracing | Bluetooth | Yes | Does not clarify on data sharing with third parties (accessed the Google Translate version of the Czech doc) | Limited | Moderately complied with | 30 days/ 6 months(complete deletion) | Low | Local and Centralised | |
| Grid (Jharkhand) | E-Pass | GPS, Image Processing | No | – | Not limited | Minimally complied with | Unspecified | High | Private (Pragyaam Data Technologies Private Limited) | |
| HaMagen/ The Shield (Israel) | Contact tracing | GPS (real time location | Yes | Does not collect excessive amounts of data. | Extremely limited | Complied with | 14 days | Low | Local | |
| Haryana Sahayak (Haryana) | E-pass, Informatory | GPS, Image Processing | Yes | Gives leeway for integration for other purposes. | Not limited | Moderately complied with | Unlimited | Moderate | GoH | |
| Health Code (China) | Risk Determination | Government Data | – | Minimal Information is available on the practices employed. | – | Moderately complied with | Unspecified | Low | Centralised | |
| Kavach (Chattisgarh) | Informatory, Risk Determination | Form Entry | No | – | Details Unavailable | Not complied with | Unspecified | High | Unspecified | |
| KSP Clear Pass (Karnataka) | E-pass | Form Entry, Image Processing | Yes | Evasive of liability | Moderately limited | Moderately complied with | Unlimited | Moderate | Private(Vivish Technologies Private Limited) | |
| nCOVID-19 Nagaland – Visitors App (Nagaland) | Contact tracing, Quarantine tracking, E- Pass | GPS, Image Processing | Yes | Not Specific to the App | Not limited | Not complied with | Unspecified | High | Unspecified | |
| PeduliLindung (Indonesia) | Quarantine Tracking , Informatory, Contact tracing | GPS, Bluetooth, Geofencing | No | – | Details unavailable | Not complied with | Unspecified | High | Local and Centralised | |
| Quarantine watch (Karnataka) | Quarantine tracking | GPS, Image Processing | Yes | Non App specific, redirects from the land records sub domain of the GoK | Moderately limited | Moderately complied with | Unspecified | High | Presumably GoK | |
| RajCop Citizen (Rajasthan) | Informatory, E- Pass | All App permissions | Yes | Not specific to the App | Not limited | Not complied with | Unspecified | High | Private(XGenPlus) | |
| Rakning C-19 (Iceland) | Contact Tracing | GPS | Yes | Does not address sharing with third parties other than the health dept. | Limited | Minimally complied with | 14 days | High | Local and Centralised | |
| SMC COVID 19 Tracker (Surat, Gujrat) | Quarantine tracking | GPS, Image Processing | Yes | Vague and Firebase generated | Moderately limited | Moderately complied with | Unspecified | High | No privacy policy specific to the App | |
| StayHomeSafe (Hong Kong) | Quarantine Tracking | Geofencing | Yes | Vaguely drafted | Limited | Not complied with | Unspecified | High | Centralised | |
| StopKorona! (North Macedonia) | Contact tracing | Bluetooth | Yes | Regardless of privacy policy stating GPS not being used, Google Play permissions taken include access to GPS and network location. | Limited | Moderately complied with | 14 days | Low | Local and centralised | |
| Stopp Corona (Austria) | Contact Tracing | Bluetooth | Yes | The Data Protection Declaration, which is in addition to the Privacy FAQs page to which the privacy policy on Google Play directs is detailed and clear. | Limited | Complied with | 30 days | Low | Local and Centralised | |
| T COVID 19 (Telangana) | Informatory | – | Yes | The privacy policy linked in the Google Play Store page directs to the website of the developer of the application. | Not limited | Not complied with | Unspecified | High | Unspecified | |
| Test Yourself Goa (Goa) | Risk Determination | Form Entry | Yes | Redirects to the Privacy Policy of the Developer. Highly intrusive. | Not Limited | Complied with | Unspecified | Low | Unspecified | |
| TraceTogether (Singapore) | Contact tracing | Bluetooth | Yes | Against the claims in the privacy policy, Google Play lists Media and geolocation permissions.[SGK1] | Clearly limited | Moderately Complied with | 21 days | Low | Local+Centralised | |
| UP Self Quarantine App (Uttar Pradesh) | Quarantine Tracking | GPS | Yes | Directs to the UP COVID portal, with no privacy policy. | – | Complied with | Unspecified | Low | Unspecified | |
| WeTrace (Cebu – Philippines) | Contact Tracing, Quarantine tracking | GPS, Bluetooth | Yes | Not specific to the App | Limited (according to the privacy policy of the website) | Not complied with | 30 days | High | Centralised |
Effectiveness
Effectiveness refers to the ability to achieve the stated result. Eg. A contact tracing App is effective if it can trace accurately and precisely.
Most mobile-based interventions are using applications that utilise Bluetooth low energy or global positioning system (GPS) or a combination of these two technologies.
The interventions have mainly been in the form of apps focused on the following use-cases:
- Contact Tracing
- Quarantine Management
- Risk Determination
- Providing COVID-19 and healthcare information (Informatory)
- Issuing E-passes
The apps have been scored Cyan (high/good), Yellow (medium/average), or Magenta (low/poor) on the above five use-cases.
Contact Tracing
| App/Initiative Name | Technology Used | Effectiveness |
| Aarogya Setu (Pan-India) | Bluetooth, GPS | |
| PeduliLindung (Indonesia) | GPS, Bluetooth, Geofencing | |
| BeAwareBahrain (Bahrain) | GPS, Bluetooth, Image Processing | |
| WeTrace (Cebu – Philippines) | GPS, Bluetooth | |
| nCOVID-19 Nagaland – Visitors App (Nagaland) | GPS, Image Processing | |
| Coronawatch (Karnataka) | GPS | |
| Corona 100m (South Korea) | GPS | |
| HaMagen/ The Shield (Israel) | GPS (real time location) | |
| Stopp Corona (Austria) | Bluetooth | |
| CovTracer (Cyprus) | GPS, Bluetooth | |
| Rakning C-19 (Iceland) | GPS | |
| StopKorona! (North Macedonia) | Bluetooth | |
| eRouška (Czech Republic) | Bluetooth | |
| Close Contact Detector (China) | Government surveillance data |
Quarantine Management
| App/Initiative Name | Technology Used | Effectiveness |
| Quarantine watch (Karnataka) | GPS, Image Processing | |
| SMC COVID 19 Tracker (Surat, Gujrat) | GPS, Image Processing | |
| UP Self Quarantine App (Uttar Pradesh) | GPS | |
| COVID-19 Quarantine Monitor (Tamil Nadu) | GPS, Image Processing | |
| COBuddy – COVID19 tool (Tamil Nadu) | GPS, Image Processing | |
| nCOVID-19 Nagaland – Visitors App (Nagaland) | GPS, Image Processing | |
| WeTrace (Cebu – Philippines) | GPS, Bluetooth | |
| PeduliLindung (Indonesia) | GPS, Bluetooth, Geofencing | |
| BeAwareBahrain (Bahrain) | GPS, Bluetooth, Image Processing | |
| StayHomeSafe (Hong Kong) | Geofencing |
Risk Determination
| App/Initiative Name | Technology Used | Effectiveness |
| Aarogya Setu (Pan-India) | Bluetooth, GPS | |
| Kavach (Chattisgarh) | – | |
| Test Yourself Goa (Goa) | – | |
| Health Code (China) | – |
Informatory
| App/Initiative Name | Technology Used | Effectiveness |
| Aarogya Setu (Pan-India) | Bluetooth, GPS | |
| PeduliLindung (Indonesia) | GPS, Bluetooth, Geofencing | |
| BeAwareBahrain (Bahrain) | GPS, Bluetooth, Image Processing | |
| Corona 100m (South Korea) | GPS | |
| Coronawatch (Karnataka) | GPS | |
| Haryana Sahayak (Haryana) | GPS, Image Processing | |
| Kavach (Chattisgarh) | – | |
| RajCop Citizen (Rajasthan) | – | |
| T COVID 19 (Telangana) | – |
E-pass
| App/Initiative Name | Technology Used | Effectiveness |
| Aarogya Setu* (Pan-India) | Bluetooth, GPS | |
| nCOVID-19 Nagaland – Visitors App (Nagaland) | GPS, Image Processing | |
| Haryana Sahayak (Haryana) | GPS, Image Processing | |
| RajCop Citizen (Rajasthan) | – | |
| KSP Clear Pass (Karnataka) | – | |
| Grid (Jharkhand) | GPS, Image Processing | |
| CG COVID19 E-pass (Chattisgarh) | Form input, GPS |
This post was authored by Prateek Waghre, Sapni GK and Utkarsh Narain.
