When it comes to Digital Contact Tracing app, it's very important to determine what tracing protocol has been implemented by the app itself. As you might already know if you've read the huge debate that dominated the home page of most newspapers all around the world during the recent COVID-19 emergency, one of the largest privacy concerns raised about the usage of centralised report processing by protocol such as PEPPT-PT, as opposed to the decentralised report processing protocols such as TCN and DP-3T.
Centralized vs Decentralized approach
In a centralized report processing protocol a user must upload their entire contact log to a health authority administered server, where the health authority is then responsible for matching the log entries to contact details, ascertaining potential contact, and ultimately warning users of potential contact. Conversely, decentralised report processing protocols, while still having a central reporting server, delegate the responsibility to process logs to clients on the network. Tokens exchanged by clients contain no intrinsic information or static identifiers. Protocols using this approach have the client upload a number from which encounter tokens can be derived by individual devices. Clients then check these tokens against their local contact logs to determine if they have come in contact with an infected patient.
The major benefit of decentralized protocols - which makes them great in terms of privacy compliance - is that the government does not process nor have access to contact logs, this approach has major privacy benefits. However, such approach also presents some issues, primarily the lack of human in the loop reporting, leading to a higher occurrence of false positives; and potential scale issues, as some devices might become overwhelmed with a large number of reports. Decentralised reporting protocols are also less mature than their centralised counterparts.
Here's a useful list of the available centralized and decentralized protocols nowadays.
Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)
Architecture: Central log processing, Ephemeral IDs Fraunhofer Institute for Telecommunications
Author/Promoter: Robert Koch Institute, Technical University of Berlin, TU Dresden, University of Erfurt, Vodafone Germany, French Institute for Research in Computer Science and Automation (Inria)
License: multiple protocols, closed source, private specifications
URL: https://www.pepp-pt.org/
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: Google, Apple Inc.
License: public specifications
URL: https://www.apple.com/covid19/contacttracing
Decentralized Privacy-Preserving Proximity Tracing (DP-3T)
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: EPFL, ETHZ, KU Leuven, TU Delft, University College London, CISPA, University of Oxford, University of Torino / ISI Foundation
License: publicly-developed Apache 2.0 reference implementation, MPL 2.0 iOS/Android code
URL: https://github.com/DP-3T
BlueTrace / OpenTrace
Architecture: Central log processing, Ephemeral IDs
Author/Promoter: Singapore Government Digital Services
License: public specification, GPL 3 code
URL: bluetrace.io
TCN Coalition / TCN Protocol
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: CovidWatch, CoEpi, ITO, Commons Project, Zcash Foundation, Openmined
License: public developed specification, MIT License code tcn-coalition.org
URL: https://github.com/TCNCoalition/TCN
Whisper Tracing Protocol (Coalition App)
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: Nodle, Berkeley, California, TCN Coalition, French Institute for Research in Computer Science and Automation (Inria)
License: GPL 3
URL: https://www.coalitionnetwork.org/
Privacy Automated Contact Tracing (East Coast PACT)
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: Massachusetts Institute of Technology, ACLU, Brown University, Weizmann Institute, Thinking Cybersecurity, Boston University
License: MIT
URL: https://pact.mit.edu
Privacy-Sensitive Protocols for Contact Tracing (West Coast PACT)
Architecture: Client log processing, Ephemeral IDs
Author/Promoter: University of Washington, University of Pennsylvania, Microsoft
License: MIT
URL: https://arxiv.org/abs/2004.03544
NHS contact tracing protocol
Architecture: Central log processing, Ephemeral IDs
Author/Promoter: NHS Digital
License: private specification
URL: https://www.nhsx.nhs.uk/covid-19-response/nhs-covid-19-app/
Read the full article