Apple recently rolled out a new coronavirus screening tool website.
You click through symptoms you are having, your travel, and other details to determine if you should ask for a COVID-19 test.
Before I got there, however, I came across a series of messages to hackers (both white hat and black hat) and cybercriminals who might want to attack the site.
What does Apple's coronavirus screening site say to hackers?
- No reverse engineering of the website:
- No hacking, even if you are testing the site's security:
"You may not probe, scan or test the vulnerability of the COVID-19 Website or any network connected to the COVID-19 Website, nor breach the security or authentication measures on the COVID-19 Website or any network connected to the COVID-19 Website."
- No trying to figure out who is using the website or stealing PII:
"You may not reverse look-up, trace or seek to trace any information on any other user of or visitor to the COVID-19 Website, or any other customer of Apple, including any Apple account not owned by you, to its source, or exploit the COVID-19 Website or any service or information made available or offered by or through the COVID-19 Website, in any way where the purpose is to reveal any information, including but not limited to personal identification or information, other than your own information, as provided for by the COVID-19 Website."
- No Distributed Denial of Service (DDoS) attacks, or similar:
"You agree that you will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the COVID-19 Website or Apple's systems or networks, or any systems or networks connected to the COVID-19 Website or to Apple."
What kind of impact will this have on the COVID-19 screening site's cybersecurity? Any at all?
Now, onto the original question here, about the privacy of this site.
Is Apple's COVID-19 / coronavirus screening site private?
Apple developed this site in collaboration with the White House, the Federal Emergency Management Agency (FEMA), and the Centers for Disease Control and Prevention (CDC).
So that had me wondering: what happens to the information I enter into the website? Does the government suddenly find out who thinks they may have the coronavirus?
Apple says on its main page that it will not track your answers or share them with the CDC, as you see here:
I clicked the "Learn more..." link to, yes, learn more. And here is what it says:
So it sounds like you maintain control over your data, unless you choose to give that control away. This is in line with the California Consumer Privacy Act (CCPA). We spoke recently with cyber attorney Jordan Fischer about the cyber and privacy law landscape on the SecureWorld podcast:
Where can I find the Apple COVID-19 screening site?
The Apple coronavirus screening tool is here. It also offers updated best practices around the coronavirus.
To do your coronavirus self screen, simply tap "Start Screening."