The Shield: the open source Israeli Government app which warns of Coronavirus exposure

The Shield: the open source Israeli Government app which warns of Coronavirus exposure

On Sunday, the Israeli health ministry released a smartphone app which takes location data from users’ phones in an attempt to determine if they might have been exposed to the COVID-19 Coronavirus.

The “Shield” app (“Hamagen” in Hebrew), available for iOS and Android, compares location data from users’ phones to information collected about the location history of those confirmed to have Coronavirus during the 14 days before their diagnosis.

The shield

Sign up to our free newsletter.
Security news, advice, and tips.

If a match is made that doesn’t necessarily mean that you now have Coronavirus, of course. And if a match isn’t made that doesn’t necessarily give you an all clear either. The app can’t answer that question. But if it does warn some people who have been exposed that they could be at risk then that clearly is helpful during a public health crisis.

Negative result

On first hearing the “Shield”/”Hamagen” app might sound like a privacy nightmare, but consider this:

  • Use of the app is optional, not compulsory.
  • Any location data collected by the app does not leave the phone, and is not uploaded to the Israeli government. All processing happens on the phone itself.
  • Those diagnosed with Coronavirus have to volunteer their location history for use by the app, which is driven by a JSON file that is updated with new data on an hourly basis.
  • Even if a match is made, the app does not inform the Israeli Ministry of Health. It’s up to the user to get in touch if the app alerts that there might have been an encounter with a Coronavirus case.
  • To reassure users about the behaviour of the app, it has been released as open source and its code published on Github.
  • The app’s code has been examined by security experts at Profero.

Despite this, it’s understandable that some might be nervous of this smartphone app.

Just days ago, as we discussed on last week’s “Smashing Security” podcast with Ran Levi (himself quarantined after a possible encounter in Tel Aviv with someone infected by Coronavirus), Israel was in the news over its plan to use smartphone tracking technology to identify those who might be exposed to Coronavirus.

But, from the sound of things, the Shield app has been built in a way which is conscious of the public’s concerns. And that’s sensible, because the aim here was clearly to encourage as many Israelis as possible to install the app, and attempt to quash the most likely objections.

The app appears to have been created with commendable speed, considering its importance. Let’s hope that it has also been written securely.

Stay safe folks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “The Shield: the open source Israeli Government app which warns of Coronavirus exposure”

  1. Alistair KELMAN

    Graham – I downloaded it from the Google Play store and loaded it onto my Android phone. Everything is in Hebrew but it appears to work! – Is this something that could be given out to UK doctors etc NOW!!

    regards

    Alistair

    1. My understanding is that the UK (and other countries) are working on similar apps as a matter of some urgency.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.