Hamagen - The Shield - Israel's locally developed infection tracking software for Corona explanation


Israel has made available a downloadable application for citizens to track whether they've come into contact with diagnosed cases of Covid-19. For a few days the Ministry of Health was given permission to mine security services sources to cross reference location data with known cases, but this has now been shut down by the Supreme Court. It has been replaced by voluntary downloads of an application called "Hamagen" or The Shield.

I downloaded it and took a look at the FAQ on the Ministry of Health's website in English.

I'm actually pretty impressed with both the architecture and their openness and the details of how it works. I understand Singapore has a more sophisticated bluetooth to bluetooth detection system which uses good cryptography to store on the device when specific phones come into proximity. There's an argument that this could be combined with what is described here in Israel.

Privacy Policy and Information Security, HaMagen Application
Publication date: 21/03/2020, 14:35 | Update date: 22/03/2020, 19:24

1. Who developed the application?

HaMagen was developed in a joint effort by developers from the Ministry of Health, commercial companies, and volunteers from various organizations and the developer community in Israel.

2. What does the application actually do?

Once every set period of time (currently once an hour), the application downloads a file with an anonymous list of locations from the Ministry of Health's cloud (including dates and times) in which diagnosed COVID-19 patients have visited (patients who were examined by the Ministry of Health and underwent epidemiological investigation by the various tools at the Ministry's disposal) and then the application will cross-reference these locations against your locations (including dates and times) that are stored in your device.

Information about locations and times is cross-referenced within your device, and not on the cloud. Your locations are not sent to the Ministry of Health. Should the application discover that there is a possibility that you have been at the same place and at the same time as a diagnosed patient, you will receive a notification from the application with the details of the location and times where you have been exposed to a patient.

Upon receiving the notification from the application, it is recommended that you take precautions and verify this information at the Ministry of Health's website where these lists are published, as well as maps with the locations where verified patients stayed. If you have any doubts regarding the precision of the information provided by the application, you may consult the Ministry of Health's hotline at *5400, or the hotline of your HMO, regarding points of exposure.

3. Where and in what manner is my information stored?

Information about your locations is only stored on your device and is not transmitted.
Information is stored via the SQLite database, accessible only to the application.
In the future, we shall try to allow for diagnosed patients only to send us the information on the routes that they have made, in order to help the Ministry of Health and the general public to carry out necessary epidemiological investigations in ever increasing numbers (we have some ideas for realizing this function, all the while maintaining patients' privacy but, in the spirit of the open code, we will be happy, of course, to hear additional ideas from developers and users). Presently there is no option whatsoever to forward information to the Ministry of Health. Should we add it to the application, we shall notify you in advance. In any case – should we reach this stage, the information from the application will only be forwarded with your consent.

4. How does the application know where I've been, and why does it require authorizations to my device?

HaMagen requires authorization to access your location, as well as internet access (for cellular surfing or WIFI) from your device.
Internet access is required in order to download the continuously updated data file containing the history of the locations of diagnosed coronavirus patients from the Ministry of Health's cloud (that is to say, the findings of the epidemiological investigations that the Ministry of Health has performed on diagnosed patients).
The application compares the locations of every diagnosed patient to your locations in the 14 days preceding the date of each patient's diagnosis. Therefore, the application requires access to your locations. All cross-referencing is performed on your device and is not forwarded, uploaded to the Ministry of Health or any other agency, nor forwarded to other users or organizations.

5. What kind of information does the application keep about me?

Location history of last two weeks only (dates, times, and places) according to the tracking services (and currently – not applicable to dates before you have installed the application).
History of wireless networks (WIFI) that you came across in the last two weeks only.
In the future, the application will keep track of proximity to other devices by way of Bluetooth or Data over Sound.
Cross-references of locations with diagnosed patients (if any) – in the last two weeks only.
Everything is stored in the memory of your phone and is not forwarded.

6. Where do the diagnosed patient files come from? How do I know it's genuine? Does it contain identifying information?

The file is generated in the Ministry of Health's epidemiological system. It contains only verified information that was received from laboratories and epidemiological investigations and is monitored by the Ministry of Health. Prior to sending, the file is digitally signed with the Ministry of Health's digital signature. Upon receiving the file, the digital signature is examined by the application, to verify that the file was received from the Ministry of Health in an orderly manner, in order to prevent the breach of malware into the application.

We are aware of the existence of attack and breach attempts, and we are doing our best to protect the application so that it can protect you.

7. What stations do the diagnosed patient files go through before reaching me?

The file passes from the Ministry of Health to its task-specific cloud via Azure (cloud services operated by Microsoft) by way of a secured virtual safe (CyberArk)
The Ministry of Health's communication with Azure is carried out by ExpressRoute service, via task-specific communications lines (not via internet)
The file is saved to the cloud with Blob Storage service, and from the cloud, the application downloads the file
The information security experts approved information security services for cloud and for cloud communications of all the parties involved

8. If everybody installs the application, won't there be a problem with congestion?

Location comparison calculations are performed on your device only. Therefore, the only possible congestion that may be caused is if too many devices download the Ministry of Health's data file from the cloud at the same time.
Therefore, in some instances (such as if there are many new diagnosed patients with many epidemiological investigations), the check and the downloading of information from the cloud may take a few minutes and consume some battery power.
We have performed a successful check of 1.6 million readings in 9 minutes. This is congestion suitable for several million users, as we hope that the application will have in Israel. However, we are working to improve this matter as well.

9. On what technologies and infrastructures is the application based?

The application was written with React Native
The information on the device is stored in SQLite
We have also used additional open code components

10. Where is it possible to see the application's source code?

We plan to publish the application's source code on GitHub soon and manage it as an open code (save for several commercial libraries that we use).

11. Some applications monitor use. Do you also do that?

We use Google's Firebase service
The service collects anonymous information for purposes of monitoring the application's functionality only
We use anonymous information to learn the application's functionality so that we can improve it for the benefit of the user public, and for this purpose only
We do not collect identifying information about your use of the application, your use of other applications, network traffic, internet use, phone calls, or any other content related to your device. The application will neither collect nor store information on anything that does not pertain to your location: place, date, and time only.

12. Should I do anything to maintain the privacy of my information?

Physically protect your smartphone device – as usual
Lock your device with a password when it is not in use – as usual

13. What security checks did this application pass?

The application was tested by several cyber and information security agencies, including staff from Israel National Cyber Directorate, specialists from the commercial sector, and leading information security and cyber experts from the civil cyber and information security community in Israel. Security checks included architectural checks, code reviews, and PT (breach checks). Adjustments were made according to the recommendations received, and we are currently convinced that the application is sufficiently secure for use, adequately protected from attacks and malfunction, and capable of providing user services in accordance with its purposes.

14. How should we act in the case of an information security incident?

Although we spared no effort, professional experience, and controls, there is no such thing as a completely secure system. Therefore, we are committed to informing the user public of information security incidents that affect them, so that they can take necessary precautions.

15. You are welcome to send us your questions, and suggestions for improving the application or reports of information security, or privacy issues to Hamagen@MOH.GOV.IL