It's D-Day for StopCovid. This application, developed by the government, should allow us to trace contacts with coronavirus patients, using our phone. It was approved by Parliament this week and Tuesday, the start of phase 2 of the deconfinement, there it is finally available. You can download it for free on your phone. Europe 1 tested it for a few days: that's all you need to know about StopCovid.
>> Watch Matthieu Belliard's morning show in replay and in podcast here
Is the application mandatory?
No. StopCovid works entirely on the principle of volunteering. If you do not want to install it, nothing forces you to, there is no penalty. And conversely, there is no positive incentive, no benefit in downloading it. The free choice to use or not the application was also one of the imperatives requested by the Cnil, which therefore gave the green light to StopCovid.
How does StopCovid work?
The application uses bluetooth to locate other users nearby. If you find yourself in contact, within a meter and for more than 15 minutes, with a sick person who has also installed StopCovid, you will receive in less than 24 hours a notification inviting you to isolate yourself and to be tested. "Bluetooth has the advantage of also working in places without a telephone terminal, in the 'white zone'," said Secretary of State for Digital Cédric O, on Europe 1.
Each contact with another user is recorded in the form of an exchange of encrypted identifiers. Each phone has its own identifier, a series of numbers and letters generated randomly and renewed regularly. There is therefore no name exchange. The app should prove useful in crowded places, such as transportation and public places. "If you come across a person who has tested positive in a bar or in a restaurant, no one can warn you ... except the application," argues Cédric O.
What does the application look like?
StopCovid was designed to be used by as many people as possible, including the less tech savvy. Lunabee Studio, the company that developed the application, therefore opted for an extremely simple interface. When you first open it, you will find an information page on the stored data and the use that is made of it. Then, you are asked for access to bluetooth. It must be authorized, otherwise the application cannot function.
> Vaccine, immunity, transmission: four questions still topical on the coronavirus
> Why is hydroxychloroquine rejected by health authorities?
> Coronavirus: 5 mistakes not to make with your mask
> How does StopCovid work? We tested the tracing application in preview
> Statistical corrections, rounded averages ... exceptional measures for the bac 2020
> Why are French nurses among the lowest paid in Europe?
On the home page, you just have to click on "I activate StopCovid" to start it. You can change the application, make phone calls: as long as the bluetooth remains activated, it runs in the background. With one click on the same button, you can deactivate it. This thus saves the battery even if, according to our observations, the permanent use of bluetooth does not consume a lot of energy.
If you haven't been sick, and most people are, it stops there. On the other hand, if you have had the coronavirus, you must report yourself in the "Notify me" tab. Everything is anonymous, you don't need to give your name, just a code provided by the doctor or laboratory that tested you.
Is the application secure?
Having decided to dispense with the help of Google and Apple, the French government faced an unprecedented security challenge. Public and private actors have therefore been mobilized to ensure that StopCovid resists hacking attempts. "It is rather good work. I have inspected hundreds, even thousands of applications and we can say that the code is of good quality", explains to Europe 1 Baptiste Robert, cybersecurity researcher and "ethical hacker" who experienced the application.
>> PODCAST - Coronavirus: find all the answers to your questions here
According to him, its strength lies in its simplicity. "It does not offer a lot of functionality to the user. There is only one place to enter text and nothing that links it to the integrity of the phone. An attacker will probably not succeed in hacking the entire user phone via StopCovid, "said the specialist. Despite everything, he and other hackers who participated in a "bug hunt" organized by the government found "more or less serious security holes". Reported to developers, they must be processed.
As for the question of "hidden surveillance" raised by critics of the application, there is nothing to indicate that this is the case. First, StopCovid does not use geolocation, so it cannot track your movements. Nor does she have access to your contacts. "The only thing that's saved on your phone is your encounter history, the phones, in code form, that you came across. And nobody has access to this list, neither you nor the state, no one, "says Cédric O. And this data is automatically deleted every 15 days.