KUALA LUMPUR, August 24 — SELangkah developer maintained that the contact tracing app is safe, secure, and protects users’ privacy, as evidenced by its integration with other tech providers from the financial sector.
According to Dr Helmi Zakariah, any QR reader can scan the SELangkah QR, such as the QRPay function in Maybank’s Maybank2u mobile banking app.
“So if we have managed to do that with Maybank, I don’t see what is stopping us for technical integration with any other providers. Despite this, our focus remains to cover the excluded segment of society so nobody would be left behind,” he said.
CodeBlue understands that the Ministry of Health’s (MOH) MySejahtera app has not integrated with any other contact tracing app due to security threats, liability issues, and cost; Deputy Health Minister Dr Noor Azmi Ghazali cited “many technical issues”.
“Having different providers does not stop a work process integration. This is why we have multiple network carriers, but communication service remains seamless,” Dr Helmi added.
It is to be noted that SELangkah’s data is shared with public health personnel in Selangor and Kuala Lumpur to locate people who have been in recent physical contact or close proximity with Covid-19 cases, known as contact tracing.
“Likewise, in the contact tracing ecosystem, regardless of any system providers, the work process integration is intact when public health personnel remain to have access to the system,” Dr Helmi said.
“As the first QR trace providers, since May 20, 2020, SELangkah has provided access to health personnel, which have relied on our ecosystem for accurate contact tracing,” added the public health expert.
MySejahtera, on the other hand, cannot be accessed by staff from district health offices, with Dr Noor Azmi saying that MOH officers on the ground still use manual contact tracing and report to the national Crisis Preparedness and Response Centre (CPRC), which will then scour the app for close contacts of positive coronavirus cases.
Information on MySejahtera is only accessible to seven people — from the national CPRC and disease control division under MOH, as well as the National Cyber Security Agency (NACSA), the lead government agency on cyber security matters under the Prime Minister’s Department.
At the same time, Dr Helmi also raised his concern over premises that do not implement any contact tracing mechanisms, as he emphasised that resources and focus should be deployed to increase coverage, including for people with disabilities.
“Additionally, like I mentioned in my point previously, our concern has always been about the premises or stores that have neither contact tracing ecosystem. So for us, the nifty solution back then was to dual-purpose any QR code of another party that is readily available out there for contact tracing purposes.”
Selangor state government contact tracing app SELangkah is integrated with MidValley Megamall’s unique QR code that provides visitors with a day pass at the major shopping centre in Kuala Lumpur.
Dr Helmi also stated that people who check-in with the app will not be treated as a patient or persons-under-investigation, as the app did not collect any biological variable for it to be subjected under the Medical Act 1971. Dr Helmi described the mechanism as a “Yellow Page or phone list directory tied to a premise”.
“There is no requirement for their private data to be guarded under Medical Act 1971 or Act 342 (Prevention and Control of Infectious Diseases Act 1988).”
Personal data stored in the federal government’s MySejahtera app is treated as confidential patient information under the Medical Act and the Prevention and Control of Infectious Diseases Act. The app does not collect information on users’ temperature screenings.
Even though the Personal Data Protection Act (PDPA) 2010 is not applicable for the federal and state government, Dr Helmi claimed that SELangkah complies with PDPA guidance and is in line with PDPA requirements.
“In terms of data integrity, from June onwards, we put in place OTP for new number registration (this is to be distinguished with re-registration) and at the backend, the database is combed regularly where our system flags and purges those errors and prompt users to re-register their profile.”
OTP is a one-time authentic password, used for only a single transaction or login session. For contact tracing measures, OTP ensures the genuinity of the mobile phone number that is being registered.
Dr Helmi also highlighted that the public is allowed to check-in at premises through SELangkah by various means. In fact, those without smartphones can still check-in using a short message service (SMS) function.
For those who do not have a phone at all, the business owner can check-in the customer using a web-based check-in function.
SELangkah, a pro-bono setup by the Selangor Task Force Covid-19, also launched a new feature called SelangKAD on August 11, a personalised digital or physical card with a unique QR code to enable shopkeepers to scan the card whenever a disabled person enters their premises.
“We know it’s difficult for OKUs to operate a smartphone to scan a QR code. So we start to issue a unique QR card for the OKUs, and the shop owners can scan their card whenever they visit a shop,” the SELangkah squad tweeted on August 11.
The federal government is planning to enact legislation to compel business premises to use MySejahtera, though Minister in the Prime Minister’s Department Redzuan Md Yusof did not state if this would be necessary for outlets that use other contact tracing apps like SELangkah.