As part of the Pandemic Technology Project, we are monitoring the development, rollout and use of contact tracing and exposure notification apps around the world. We find key pieces of information about each service, and examine the policies that surround its use. The databases are updated on a regular basis.
The most accessible version of the database exists on the page you are reading right now.
- Our database of international apps
- Our database of apps in the United States
- A list of recent updates
- The latest stories about pandemic technology
A public version of the underlying data is kept in this read-only spreadsheet. It is a collaborative effort, and if you have more up-to-date information on a particular app, or what’s happening in a particular country or state, you can get in touch to share that with us.
Apps being used around the world
This is a list of every contact tracing or exposure notification app worldwide that is known to Technology Review. It was last updated on December 23, 2020.
Apps being used in the United States
This is a list of every contact tracing or exposure notification app in the US that is known to Technology Review. It was last updated on December 23, 2020.
What the Covid Tracing Tracker contains
At the most basic level, we are compiling a list of automated contact tracing apps that are backed by national governments. These are apps designed to automatically tell users or public health officials whether somebody has potentially been exposed to covid-19; it’s what is generally known as “exposure notification.”
For each one we find, there are basic questions to answer: Who is producing it? Is it released yet? Where will it be available, and on what platforms? What technologies does it use? And then, over time, we will also understand more about how each of these services works in practice, such as how many people have downloaded it and what level of penetration it has achieved.
But then there are more complicated issues. Is it mandatory? How private is the app? Are citizens’ rights being safeguarded? How transparent are the makers about their work? To capture this information, guided by principles put forward by the American Civil Liberties Union and others, we asked five questions.
- Is it voluntary? In some cases, apps are opt-in—but in other places many or all citizens are compelled to download and use them.
- Are there limitations on how the data gets used? Data may sometimes be used for purposes other than public health, such as law enforcement—and that may last longer than covid-19.
- Will data be destroyed after a period of time? The data the apps collect should not last forever. If it is automatically deleted in a reasonable amount of time (usually a maximum of around 30 days) or the app allows users to manually delete their own data, we award a star.
- Is data collection minimized? Does the app collect only the information it needs to do what it says?
- Is the effort transparent? Transparency can take the form of clear, publicly available policies and design, an open-source code base, or all of these.
For each question, if we can answer yes , the app gets a star. If we cannot answer yes—either because the answer is negative or because it is unknown—the rating is left blank. There’s also a field for notes that can help put things in context.
In addition, we say something about the basic technology underlying the app. Here’s an explanation of the key terms.
- Location: Some apps identify a person’s contacts by tracking the phone’s movements (for instance, using GPS or triangulation from nearby cell towers) and looking for other phones that have spent time in the same location.
- Bluetooth: Some systems use “proximity tracking,” in which phones swap encrypted tokens with any other nearby phones over Bluetooth. It is easier to anonymize and generally considered better for privacy than location tracking.
- Google/Apple: Many apps will rely on the joint API that Apple and Google are developing. It lets iOS and Android phones communicate with each other over Bluetooth, allowing developers to build a contact tracing app that will work for both. Later the two companies plan to build this directly into their operating systems.
- DP-3T: This stands for decentralized privacy-preserving proximity tracing. It’s an open-source protocol for Bluetooth-based tracking in which an individual phone’s contact logs are only stored locally, so no central authority can know who has been exposed.
We may expand these categories over time, at which point this article will be revised.
What the database doesn’t contain
First,we are focused on automated contact tracing and exposure notification apps that the public is already using or will use in the near future. It does not track preliminary efforts that have no current support from national or state-level public health bodies.
Second, we aren’t monitoring manual contact tracing efforts.
Finally, and most importantly, the database isn’t a recommendation on whether to download an app or not. It’s intended to bring you information that helps you make an informed decision on whether to use a service, and on whether to seek changes in your government’s approach.
Keeping eyes on all this information is going to require constant effort—the facts continue to evolve, the numbers change, and policies may or may not be adhered to. We may discover that what happens in theory is different from what happens in practice, or that what was promised does not end up being delivered.
How to submit a change
If you have an update, correction, or addition to the tracker, please email the relevant information to us at CTT@technologyreview.com. Please reference original sources for your claim: government or developer announcements, verifiable news sources, or published research. We seek up-to-date information on automated contact tracing apps that are backed by national or state-level governments. Data could include answers to our basic questions—What country does it operate in? What is it called? Who is producing it? Is it released yet? Where will it be available, and on what platforms? What technologies does it use? How many people have downloaded it?
Or it could be specific documentation that gives insight into our list of privacy principles: Is the app voluntary? Are there limits on what data is collected and how it is shared? Will the data be destroyed in 30 days or less? And are policies publicly available or the code open sourced?
Links to documents, web pages, announcements along with details of how this information applies are greatly appreciated.
You can view a list of the most significant changes and updates to our databases here.