SearchLanguageMobile menu
OGCIO
16-11-2020

OGCIO explains access right issues on “LeaveHomeSafe” COVID-19 exposure notification mobile app

The "LeaveHomeSafe" COVID-19 exposure notification mobile app was officially launched today (November 16). With regard to some media reports on the access rights of the mobile app, including access to photos and media, files and storage space, modification or deletion of content, and access to Wi-Fi network and network permissions, the Office of the Government Chief Information Officer (OGCIO) gave the following response:

The "LeaveHomeSafe" mobile app assists the public in recording the date and time for checking into and leaving different venues by scanning the venue QR code or the registration mark located at the inside of the taxi door. The app requires the camera function of the mobile phone to scan the venue QR code and the taxi registration mark. After scanning, relevant check-in data, including the venue name and address, taxi registration mark, date, arrival and departure time, will all be stored in the storage space of the mobile phone. The app therefore requires permission to access the camera and storage space of the mobile phone.

In addition, cloud-based Optical Character Recognition (OCR) technology is used to enable scanning of the taxi registration mark. Text images captured by the camera will be converted to text files for storage. The mobile app will then delete relevant images instantly and user's check-in data will also be erased automatically after 31 days. The mobile app thus requires access permissions to mobile network, Wi-Fi network (to conserve data usage), media and files in order to protect user's privacy.

The Centre for Health Protection (CHP) has been releasing information on premises visited by COVID-19 confirmed cases in the form of open data. The "LeaveHomeSafe" mobile app needs to run in the background, and use the network function to download the data from CHP for comparing with user's venue check-in data regularly in the mobile phone, in order to notify any user who has visited the same venue as the COVID-19 confirmed case at around the same time automatically. Hence, the mobile app requires network access, Wi-Fi access and relevant permissions in allowing the app to run in the background and send notifications when needed. Moreover, the "LeaveHomeSafe" mobile app would perform checking (with access permission to the "retrieve running apps" under "device & app history") in order to ensure previous task of data download has been completed, and retrieval of the correct version of data.

The spokesman for the OGCIO stressed that the Government understands public concerns over privacy, and therefore uphold the principle of protecting personal data privacy when designing the "LeaveHomeSafe" mobile app. The program designs of the app on Android and iOS are the same. The app only needs the least amount of access permissions to enable smooth operation and it has also passed relevant code reviews of Google and Apple. The spokesman reiterated that the Government recognises public concerns over the access permissions that the "LeaveHomeSafe" mobile app uses and will continue to explain to the public in this regard, and also invite more members of the public to use the app so as to minimise the risk of virus transmission.

- Ends -