author photo
By Bruce Sussman
Tue | Mar 31, 2020 | 1:58 PM PDT

Apple recently rolled out a new coronavirus screening tool website.

You click through symptoms you are having, your travel, and other details to determine if you should ask for a COVID-19 test.

I set out to review the Terms of Use to understand what kind of privacy the website offers.

Before I got there, however, I came across a series of messages to hackers (both white hat and black hat) and cybercriminals who might want to attack the site.

What does Apple's coronavirus screening site say to hackers?

In Apple's COVID-19 site Terms of Use, it specifically warns against the following:

  • No reverse engineering of the website:
    "You may not, and you agree not to or enable others to, copy (except as expressly permitted by these Terms of Use), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the COVID-19 Website or any services provided by the COVID-19 Website, or any part thereof..."
  • No hacking, even if you are testing the site's security:
    "You may not probe, scan or test the vulnerability of the COVID-19 Website or any network connected to the COVID-19 Website, nor breach the security or authentication measures on the COVID-19 Website or any network connected to the COVID-19 Website."
  • No trying to figure out who is using the website or stealing PII:
    "You may not reverse look-up, trace or seek to trace any information on any other user of or visitor to the COVID-19 Website, or any other customer of Apple, including any Apple account not owned by you, to its source, or exploit the COVID-19 Website or any service or information made available or offered by or through the COVID-19 Website, in any way where the purpose is to reveal any information, including but not limited to personal identification or information, other than your own information, as provided for by the COVID-19 Website."
  • No Distributed Denial of Service (DDoS) attacks, or similar:
    "You agree that you will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the COVID-19 Website or Apple's systems or networks, or any systems or networks connected to the COVID-19 Website or to Apple."

What kind of impact will this have on the COVID-19 screening site's cybersecurity? Any at all?

Now, onto the original question here, about the privacy of this site.

Is Apple's COVID-19 / coronavirus screening site private?

Apple developed this site in collaboration with the White House, the Federal Emergency Management Agency (FEMA), and the Centers for Disease Control and Prevention (CDC).

So that had me wondering: what happens to the information I enter into the website? Does the government suddenly find out who thinks they may have the coronavirus?

Apple says on its main page that it will not track your answers or share them with the CDC, as you see here:

I clicked the "Learn more..." link to, yes, learn more. And here is what it says:

"Use of Data. Apple will collect certain limited information to help Apple improve the COVID-19 Website. This will not include any data that may personally identify you and will not be tied to your Apple ID. Unless you provide your express consent within the COVID-19 Website, no other information will be collected or used by Apple and your information will not be shared outside Apple. At all times, any information received by Apple will be treated in accordance with your consent and Apple's Privacy Policy, which can be viewed at: www.apple.com/privacy."

So it sounds like you maintain control over your data, unless you choose to give that control away. This is in line with the California Consumer Privacy Act (CCPA). We spoke recently with cyber attorney Jordan Fischer about the cyber and privacy law landscape on the SecureWorld podcast:

Where can I find the Apple COVID-19 screening site?

The Apple coronavirus screening tool is here. It also offers updated best practices around the coronavirus.

To do your coronavirus self screen, simply tap "Start Screening."

Comments