Viability Rating of Technological Interventions for COVID-19

Viability Rating

The Viability Rating of a technological intervention considers its capacity to complement pandemic management with due regard to its population penetration, privacy and effectiveness implications.

Technology interventions are  scored on the basis of:

  1. Population Penetration: What portion of its serviceable audience1 can the specific measure cater to.
  2. Privacy: How well does the intervention fare against the principles of data protection.
  3. Effectiveness: The ability to achieve the stated result.

A composite Viability Rating has been computed on the basis of the above factors and has been rated as:

  • Cyan (high/good) if any two of Population Penetration, Privacy or Effectiveness are cyan and third is yellow.
  • Yellow (medium/average) if any two of the three criteria are yellow, OR exactly one of the three criteria is magenta.
  • Magenta (low/poor) if any two are magenta, OR any two are yellow and the third is magenta.

A comparative assessment of the viability rating of 30 apps has been undertaken by the authors of this post. It can be accessed here.

Population Penetration

The population penetration of the underlying technology will serve as a baseline to determine how much of its serviceable audience will be able to take advantage of a given technological intervention. This can determine the extent to its benefits and costs are spread among those affected in such a way that no group or individual receives less than a minimum benefit level or maximum cost level.

To assess the population penetration of the technology interventions, internet access is considered a primary factor. For interventions where the use of Bluetooth Low Energy is being proposed for contact tracing, an additional scaling factor is applied to account for a percentage of phones that may not support its use due to hardware limitations. This forms a reasonable basis to determine equity since exclusion based on the technology interventions studied in this document will result in the costs being borne by those who lack uninterrupted access to the internet on their terms. Further, of those who do have access, 30-40% do not use the internet on a daily basis.

Technology interventions were classified as Cyan, Yellow and Magenta based on:

  • Cyan: If more than 65% of the serviceable audience can be expected to have access to the internet connection.
  • Yellow: If 35%-65% of the serviceable audience can be expected to have access to the internet.
  • Magenta: If less than 35% of the serviceable audience is expected to have access to the internet.

The following factors could not be factored quantitatively into the equity assessment exercise at this time as either pan-India or state level, rural/urban breakdown of data were not available

  1. Multiple Language support.
  2. Gender/Class/Caste divide in internet access.
  3. Smartphone penetration by state.
  4. Need for additional capabilities like GPS, Gyroscopes, Accelerometers to improve accuracy which may or may not be available depending on the market segment a device belongs to.
  5. Tendency to share a single mobile internet connection or smartphone among multiple users.
  6. Exclusion from benefits on the basis of the lack of accessibility.
  7. Diffused costs versus concentrated benefits accruing from 6.
Name
Technology Used
Scalability
Estimated percentage of people:
Score
Included %Not Included %
Aarogya Setu
(Pan – India)
Bluetooth,
GPS
~50% handsets may not support Bluetooth based contact tracing.25 – 3070 – 75
BeAwareBahrain (Bahrain)GPS, Bluetooth,
Image Processing
~10% handsets may not support Bluetooth based contact tracing.85 – 9010 – 15
CG COVID19 E-pass
(Chattisgarh)
Form Entry,
GPS
30 – 3560 – 65
Close Contact Detector (China)Government surveillance data60 – 6535 – 40
 COBuddy – COVID19 tool (Tamil Nadu)GPS,
Image Processing
60 – 6535 – 40
Corona 100m (South Korea)GPS90 – 955 – 10
Coronawatch
(Karnataka)
GPS60 – 6535 – 40
COVID Locator
(Goa)
GPS75 – 8020 -25
COVID-19 Quarantine Monitor (Tamil Nadu)GPS,
Image Processing
60 – 6535 – 40
CovTracer
(Cyprus)
GPS, Bluetooth~10% handsets may not support Bluetooth based contact tracing.80 – 8515 – 20
eRouška
(Czech Republic)
Bluetooth~10% handsets may not support Bluetooth based contact tracing.75 – 8020 – 25
Grid
(Jharkhand)
GPS,
Image Processing
Limited to 1 district only
HaMagen/ The Shield (Israel)GPS (real time location)80 -8515 – 20
Haryana Sahayak
(Haryana)
GPS,
Image Processing
50 – 5545 – 50
Health Code
(China)
Algorithmic Scoring60 – 6535 – 40
Kavach
(Chattisgarh)
Form Entry30 – 3560 – 65
KSP Clear Pass
(Karnataka)
Form Entry,
Image Processing
60 – 6535 – 40
MahaKavach
(Maharashtra)
GPS,
Image Processing
60 – 6530 – 35
nCOVID-19 Nagaland – Visitors App (Nagaland)GPS,
Image Processing
45 – 5050 – 55
PeduliLindung (Indonesia)GPS, Bluetooth,
Geofencing
~50% handsets may not support Bluetooth based contact tracing.15 – 2080 – 85
Quarantine watch
(Karnataka)
GPS,
Image Processing
60 – 6535 – 40
RajCop Citizen
(Rajasthan)
45 – 5050 – 55
Rakning C-19
(Iceland)
GPS95+<5
SMC COVID 19 Tracker
(Surat, Gujrat)
GPS,
Image Processing
65 – 7030 – 35
StayHomeSafe (Hong Kong)Geofencing90 – 955 – 10
StopKorona!
(North Macedonia)
Bluetooth~10% handsets may not support Bluetooth based contact tracing.70 – 7525 -30
Stopp Corona (Austria)Bluetooth~10% handsets may not support Bluetooth based contact tracing.75 – 8020 – 25
T COVID 19
(Telangana)
55 – 6040 – 45
TraceTogether (Singapore)Bluetooth~10% handsets may not support Bluetooth based contact tracing.85 – 9010 – 15
UP Self Quarantine App
(Uttar Pradesh)
GPS30 – 3565 – 70
WeTrace (Cebu – Philippines)GPS,
Bluetooth
~50% handsets may not support Bluetooth based contact tracing.30 – 3560 – 65

Privacy

Personally identifiable data forms the basis of all the technological interventions proposed across the globe. The consequential effects on the right to privacy of the individual and measures to preserve the data collected need to be scrutinised to ensure that immediate interests of the State would not lead to abysmal infringement of individual liberties.

The major factors considered, upon the existence of a privacy policy is the method of addressing:

  1. Purpose limitation: Whether the data collected has been explicitly demonstrated to be used for the limited purpose of managing the pandemic?
  2. Permissions sought vis-à-vis intent: Whether the permissions sought by the App for data collection, limits itself to the stated intent of the App?
  3. Possibility of deanonymisation: Whether the data points collected and the data security practices stated by the privacy policy indicate the ease of deanonymising data?
  4. Data retention: Whether there exists a clear statement on data retention policy?
  5. Oversight accountability on data collected: Whether clear indications on oversight accountability have been laid down on storage of collected data?

The technological interventions have been classified as red, yellow and green on the basis of their performance on these above mentioned metrics.

  • Cyan: A clear privacy policy exists with explicit statements on purpose limitation, data retention and oversight accountability on the data collected. The permissions sought by the App for data collection are minimal and stick to the intention of the App. The App collects only relevant data points and the security practices are adequate to protect sensitive personal data.
  • Yellow: A privacy policy exists but is not clear on purpose limitation, data retention and oversight accountability on the data collected. The App collects multiple data points which may be irrelevant and the security practices are inadequate to protect sensitive personal data. There are possibilities of sharing such data with third parties beyond the purpose of pandemic management, without informed consent of the generator of the data.
  • Magenta: The privacy policy does not exist, or is a standard form policy generated from the internet. Concerns of data retention or oversight accountability are not addressed. The permissions sought by the App for data collection is excessive and irrelevant to the intention of the App. The security practices are inadequate to protect sensitive personal data. The data collected may be shared with third parties beyond the purpose of pandemic management, without informed consent of the generator of the data.
NameUse-case(s)Technology UsedPrivacy PolicyRemarks on Privacy PolicyPurpose LimitationPermissions sought vis-a-vis intentData RetentionPossibility of DeanonymisationOversight Accountability on collected Data  Score
Aarogya Setu
(Pan-India)
Contact Tracing, E-Pass, Risk Determination, InformatoryBluetooth,
GPS
YesIt allows for unbridled access without informed consent.Not limitedNot complied with30 days after deletion of accountHighGoI and Local
BeAwareBahrain (Bahrain)Contact tracing, quarantine tracking, InformatoryBluetooth,GPS, Image ProcessingYesNot App specific, but redirects to the privacy policy of the national portal of Bahrain.Not limitedNot complied withAs long as necessaryHighCentralised
CG COVID19 E-pass
(Chattisgarh)
E-passForm input, GPS (based on privacy policy language)YesVague and Firebase generated.Moderately limitedModerately complied with.UnspecifiedModerateUnspecified
Close Contact Detector (China)Contact TracingGovernment surveillance dataUnknownUnspecifiedCentralised
COBuddy – COVID19 tool (Tamil Nadu)Quarantine Tracking, SOS for servicesGPS,
Image Processing
YesRedirects to the Facetagr website, the privacy policy of which hosts the App privacy policy. Highly intrusive.Not limitedMinimally complied withUnspecifiedHighUnspecified
Corona 100m (South Korea)Contact Tracing, InformatoryGPSYesLimitedModerately complied withUnspecifiedModerateCentralised-non State owned
Coronawatch
(Karnataka)
Informatory, Contact tracingGPSYesVague and not clear if it is App specific. (Same as the KGIS website)Moderately LimitedNot complied with.UnspecifiedModeratePresumably GoK
COVID-19 Quarantine Monitor (Tamil Nadu)Quarantine trackingGPS,
Image Processing
YesInapplicable as it is limited to e-sevai portal of GoTNNot complied withUnspecifiedHighUnspecified
CovTracer
(Cyprus)
Contact TracingGPS, BluetoothYesDetailed and clear, but represents scope for other usesModerately LimitedModerately complied with1 yearModerateLoca land Centralised
eRouška – part of smart quarantine (Czech Republic)Contact TracingBluetoothYesDoes not clarify on data sharing with third parties (accessed the Google Translate version of the Czech doc)LimitedModerately complied with30 days/ 6 months(complete deletion)LowLocal and Centralised
Grid
(Jharkhand)
E-PassGPS,
Image Processing
NoNot limitedMinimally complied withUnspecifiedHighPrivate (Pragyaam Data Technologies Private Limited)
HaMagen/ The Shield (Israel)Contact tracingGPS (real time locationYesDoes not collect excessive amounts of data.Extremely limitedComplied with14 daysLowLocal
Haryana Sahayak
(Haryana)
E-pass, InformatoryGPS,
Image Processing
YesGives leeway for integration for other purposes.Not limitedModerately complied withUnlimitedModerateGoH
Health Code (China)Risk DeterminationGovernment DataMinimal Information is available on the practices employed.Moderately complied withUnspecifiedLowCentralised
Kavach (Chattisgarh)Informatory, Risk DeterminationForm EntryNoDetails UnavailableNot complied withUnspecifiedHighUnspecified
KSP Clear Pass
(Karnataka)
E-passForm Entry,
Image Processing
YesEvasive of liabilityModerately limitedModerately complied withUnlimitedModeratePrivate(Vivish Technologies Private Limited)
nCOVID-19 Nagaland – Visitors App (Nagaland)Contact tracing, Quarantine tracking, E- PassGPS,
Image Processing
YesNot Specific to the AppNot limitedNot complied withUnspecifiedHighUnspecified
PeduliLindung (Indonesia)Quarantine Tracking , Informatory, Contact tracingGPS,
Bluetooth,
Geofencing
NoDetails unavailableNot complied withUnspecifiedHighLocal and Centralised
Quarantine watch
(Karnataka)
Quarantine trackingGPS,
Image Processing
YesNon App specific, redirects from the land records sub domain of the GoKModerately limitedModerately complied withUnspecifiedHighPresumably GoK
RajCop Citizen
(Rajasthan)
Informatory, E- PassAll App permissionsYesNot specific to the AppNot limitedNot complied withUnspecifiedHighPrivate(XGenPlus)
Rakning C-19
(Iceland)
Contact TracingGPSYesDoes not address sharing with third parties other than the health dept.LimitedMinimally complied with14 daysHighLocal and Centralised
SMC COVID 19 Tracker
(Surat, Gujrat)
Quarantine trackingGPS,
Image Processing
YesVague and Firebase generatedModerately limitedModerately complied withUnspecifiedHighNo privacy policy specific to the App
StayHomeSafe (Hong Kong)Quarantine TrackingGeofencingYesVaguely draftedLimitedNot complied withUnspecifiedHighCentralised
StopKorona!
(North Macedonia)
Contact tracingBluetoothYesRegardless of privacy policy stating GPS not being used, Google Play permissions taken include access to GPS and network location.LimitedModerately complied with14 daysLowLocal and centralised
Stopp Corona (Austria)Contact TracingBluetoothYesThe Data Protection Declaration, which is in addition to the Privacy FAQs page to which the privacy policy on Google Play directs is detailed and clear.LimitedComplied with30 daysLowLocal and Centralised
T COVID 19
(Telangana)
InformatoryYesThe privacy policy linked in the Google Play Store page directs to the website of the developer of the application.Not limitedNot complied withUnspecifiedHighUnspecified
Test Yourself Goa (Goa)Risk DeterminationForm EntryYesRedirects to the Privacy Policy of the Developer. Highly intrusive.Not LimitedComplied withUnspecifiedLowUnspecified
TraceTogether (Singapore)Contact tracingBluetoothYesAgainst the claims in the privacy policy, Google Play lists Media and geolocation permissions.[SGK1]Clearly limitedModerately Complied with21 daysLowLocal+Centralised
UP Self Quarantine App
(Uttar Pradesh)
Quarantine TrackingGPSYesDirects to the UP COVID portal, with no privacy policy.Complied withUnspecifiedLowUnspecified
WeTrace (Cebu – Philippines)Contact Tracing, Quarantine trackingGPS,
Bluetooth
YesNot specific to the AppLimited (according to the privacy policy of the website)Not complied with30 daysHighCentralised

Effectiveness

Effectiveness refers to the ability to achieve the stated result. Eg. A contact tracing App is effective if it can trace accurately and precisely.

Most mobile-based interventions are using applications that utilise Bluetooth low energy or global positioning system (GPS) or a combination of these two technologies.

The interventions have mainly been in the form of apps focused on the following use-cases:

  1. Contact Tracing
  2. Quarantine Management
  3. Risk Determination
  4. Providing COVID-19 and healthcare information (Informatory)
  5. Issuing E-passes

The apps have been scored Cyan (high/good), Yellow (medium/average), or Magenta (low/poor) on the above five use-cases.

Contact Tracing
 App/Initiative Name Technology Used Effectiveness
Aarogya Setu
(Pan-India)
Bluetooth, GPS
PeduliLindung (Indonesia)GPS, Bluetooth, Geofencing
BeAwareBahrain (Bahrain)GPS,
Bluetooth,
Image Processing
WeTrace (Cebu – Philippines)GPS, Bluetooth
nCOVID-19 Nagaland – Visitors App (Nagaland)GPS, Image Processing
Coronawatch
(Karnataka)
GPS
Corona 100m
(South Korea)
GPS
HaMagen/ The Shield (Israel)GPS (real time location)
Stopp Corona (Austria)Bluetooth
CovTracer
(Cyprus)
GPS, Bluetooth
Rakning C-19
(Iceland)
GPS
StopKorona!
(North Macedonia)
Bluetooth
eRouška
(Czech Republic)
Bluetooth
Close Contact Detector
(China)
Government surveillance data
Quarantine Management
 App/Initiative Name Technology Used Effectiveness
Quarantine watch
(Karnataka)
GPS, Image Processing
SMC COVID 19 Tracker
(Surat, Gujrat)
GPS, Image Processing
UP Self Quarantine App
(Uttar Pradesh)
GPS
COVID-19 Quarantine Monitor (Tamil Nadu)GPS, Image Processing
COBuddy – COVID19 tool (Tamil Nadu)GPS, Image Processing
nCOVID-19 Nagaland – Visitors App (Nagaland)GPS, Image Processing
WeTrace (Cebu – Philippines)GPS, Bluetooth
PeduliLindung (Indonesia)GPS, Bluetooth, Geofencing
BeAwareBahrain (Bahrain)GPS,
Bluetooth,
Image Processing
StayHomeSafe
(Hong Kong)
Geofencing
Risk Determination
App/Initiative NameTechnology UsedEffectiveness
Aarogya Setu
(Pan-India)
Bluetooth, GPS
Kavach (Chattisgarh)
Test Yourself Goa (Goa)
Health Code (China)
Informatory
App/Initiative NameTechnology UsedEffectiveness
Aarogya Setu
(Pan-India)
Bluetooth, GPS
PeduliLindung (Indonesia)GPS, Bluetooth, Geofencing
BeAwareBahrain (Bahrain)GPS,
Bluetooth,
Image Processing
Corona 100m
(South Korea)
GPS
Coronawatch
(Karnataka)
GPS
Haryana Sahayak
(Haryana)
GPS, Image Processing
Kavach (Chattisgarh)
RajCop Citizen
(Rajasthan)
T COVID 19
(Telangana)
E-pass
App/Initiative NameTechnology UsedEffectiveness
Aarogya Setu*
(Pan-India)
Bluetooth, GPS
nCOVID-19 Nagaland – Visitors App (Nagaland)GPS, Image Processing
Haryana Sahayak
(Haryana)
GPS, Image Processing
RajCop Citizen
(Rajasthan)
KSP Clear
Pass (Karnataka)
Grid
(Jharkhand)
GPS, Image Processing
CG COVID19 E-pass
(Chattisgarh)
Form input,
GPS

This post was authored by Prateek Waghre, Sapni GK and Utkarsh Narain.