New app's access rights explained

November 16, 2020

The Office of the Government Chief Information Officer today said that the Government upheld the principle of protecting personal data privacy when it designed the LeaveHomeSafe exposure notification mobile app.


The office made the statement in response to media reports on the access rights of the mobile app, including access to photos and media, files and storage space, modification or deletion of content, and access to Wi-Fi networks and network permissions.


It said the mobile app assists the public in recording the date and time for checking into and leaving different venues by scanning the venue QR code or the registration mark located on taxi doors.


The app requires the camera function of the mobile phone to scan the venue QR code and the taxi registration mark. After scanning, relevant check-in data, including the venue name and address, taxi registration mark, date, arrival and departure time, will all be stored in the mobile phone.


The app therefore requires permission to access the phone’s camera and storage.


Additionally, cloud-based optical character recognition technology is used to scan the taxi registration mark.


Text images captured by the camera will be converted to text files for storage. The mobile app will delete relevant images instantly and the user's check-in data will also be erased automatically after 31 days. The mobile app thus requires access permissions to mobile networks, Wi-Fi networks, as well as media and files to protect users’ privacy.


Noting that the Centre for Health Protection has been releasing information on premises visited by patients of confirmed COVID-19 cases in the form of open data, the OGCIO said the app needs to run in the background to download the centre’s data to compare it with users’ venue check-in data regularly to notify users who have visited the same venue as a COVID-19 patient.


Hence, the mobile app requires network access, Wi-Fi access and relevant permissions in allowing the app to run in the background and send notifications when needed.


Moreover, the app would perform checks with access permission to retrieve running apps under device and app history, to ensure previous data download tasks have been completed, and that the correct version of the data has been retrieved.


The OGCIO stressed that the Government understands public concerns over privacy.


It said the designs of the Android and iOS app versions are the same, adding the app only needs the least amount of access permissions to operate smoothly. The app has also passed Google and Apple’s relevant code reviews.


The Government recognises public concerns over the access permissions that the mobile app uses and the office will continue to explain to the public and encourage more people to use the app to minimise the risk of virus transmission, the OGCIO added.

Back to top