The Shield: the open source Israeli Government app which warns of Coronavirus exposure

On Sunday, the Israeli health ministry released a smartphone app which takes location data from users’ phones in an attempt to determine if they might have been exposed to the COVID-19 Coronavirus.

The “Shield” app (“Hamagen” in Hebrew), available for iOS and Android, compares location data from users’ phones to information collected about the location history of those confirmed to have Coronavirus during the 14 days before their diagnosis.

If a match is made that doesn’t necessarily mean that you now have Coronavirus, of course. And if a match isn’t made that doesn’t necessarily give you an all clear either. The app can’t answer that question. But if it does warn some people who have been exposed that they could be at risk then that clearly is helpful during a public health crisis.

On first hearing the “Shield”/”Hamagen” app might sound like a privacy nightmare, but consider this:

• Use of the app is optional, not compulsory.
• Any location data collected by the app does not leave the phone, and is not uploaded to the Israeli government. All processing happens on the phone itself.
• Those diagnosed with Coronavirus have to volunteer their location history for use by the app, which is driven by a JSON file that is updated with new data on an hourly basis.
• Even if a match is made, the app does not inform the Israeli Ministry of Health. It’s up to the user to get in touch if the app alerts that there might have been an encounter with a Coronavirus case.
• To reassure users about the behaviour of the app, it has been released as open source and its code published on Github.
• The app’s code has been examined by security experts at Profero.

Despite this, it’s understandable that some might be nervous of this smartphone app.

Just days ago, as we discussed on last week’s “Smashing Security” podcast with Ran Levi (himself quarantined after a possible encounter in Tel Aviv with someone infected by Coronavirus), Israel was in the news over its plan to use smartphone tracking technology to identify those who might be exposed to Coronavirus.

But, from the sound of things, the Shield app has been built in a way which is conscious of the public’s concerns. And that’s sensible, because the aim here was clearly to encourage as many Israelis as possible to install the app, and attempt to quash the most likely objections.

The app appears to have been created with commendable speed, considering its importance. Let’s hope that it has also been written securely.

Stay safe folks.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.