Self-assertion by the App Creators is shown in the top-left corner.
The color of the arc can be red, yellow, green or gray, dependent on App Creator’s
self-assessment (see below).
Independent assessment by third parties, such as App Assay or
other independent organizations or individuals, without enough help from the
App Creators to qualify as an Audit, is shown in the bottom-left
corner. The color of the arc can be red, yellow, green, or gray, dependent on the
third party/parties' external assessment (see below).
If an App has been audited, a single colored circle is used
for the rating. The color of the circle can be red, yellow or green, dependent on the result
of the Audit (see below).
Colors
The App is implementing world-wide best practices on this subject, or
is close to them. We have not found major concerns.
The App implements a set of tradeoffs on this subject that are debatable.
Reasonable people may disagree on them. For example, is it better to take an extra month
of development time for an App that makes a significant positive impact on COVID-19,
if during that time much better privacy protections can be implemented?
At App Assay, we do not make tradeoffs like this; we only provide the information to
enable others to make this tradeoff.
The App is ineffective, or causes significant, unnecessary risks or
harms to potential App Users, as significantly
better Survey of Implementation Choices exist for what it attempts to do.
Insufficient information is available to ascertain whether the App
is effective, or what risks and harms may exist when using the App.
Hypothetical example
For example, a hypothetical App may have the following summary:
Impact on the pandemic
While the App traces contacts, it encourages large crowds to congregate for
prolonged periods of time. As a result, its net-impact on COVID-19 is likely to be negative.
which should be interpreted as:
In the view of the App Creators, the App has a significantly positive
impact on fighting back the pandemic (green arc upper-left),
while a 3rd-party assessment disagrees (red arc lower-left), with an
explanation that is given in text to the right.
Avoidance of downsides or risks
Privacy is substantially below best practices
which should be interpreted as:
An audit on potential risks and harms was conducted, which found a substandard
result (full circle in yellow), with an explanation that is given in text to the
right.