Table 2.
The 7 pillars with their first- and second-level attributes (only).
| First-level attributes | Second-level attributes |
|---|---|
| Characteristics Pillar | |
| 1. General characteristics | Name of app |
| | Country |
| | Current versions |
| | Language support |
| | Age of users |
| 2. Availability | Internet connectivity: app (other) |
| | Platform dependency |
| 3. Organizational reputation | App status |
| | Development |
| 4. App content | Processing overview |
| | Sensor employed |
| | App running state |
| | Contact tracing definition |
| | App data |
| | App permissions |
| | Notification method |
| | Diagnosis status |
| Usability Pillar | |
| 1. Subjective satisfaction | Rating |
| | Motivations for high/low scores |
| 2. Universality | Accessibility |
| | Cultural universality |
| 3. Design effectiveness | Completeness |
| | Configurability |
| | User interface |
| | Helpfulness |
| 4. User interaction | Efficiency |
| | Robustness |
| | Clarity of interaction with elements |
| | Consistency of interaction with elements |
| | Alerts and notifications messages |
| 5. Ongoing app evaluation | Frequency of upgrade |
| Data Protection Pillar | |
| 1. Security | STRIDE<sup>a</sup> taxonomy/vulnerabilities |
| | CT<sup>b</sup>-specific threats |
| | Software architecture security |
| | SDLC<sup>c</sup> and security |
| 2. GDPR<sup>d</sup> | Preliminaries |
| | GDPR principles |
| | Rights |
| Effectiveness Pillar | |
| 1. Effective reporting | Detecting close contacts |
| | Reporting positive close contacts |
| | Reporting all close contacts |
| | Reporting hotspots |
| 2. Effective results | Users who share their data |
| | Number of (additional) contacts/week found |
| | Number of those contacts found positive |
| | Relative effort per contact found versus manual CT |
| 3. Effective engagement | Population uptake |
| | Population retention |
| | Population engagement |
| Transparency Pillar | |
| 1. App transparency | App purpose |
| | App permission |
| 2. User participation | App participation knowledge |
| 3. Data transparency | Minimization, gathering, storing, accessibility, etc |
| | GDPR applicability |
| | Life cycle |
| Technical Performance Pillar | |
| 1. Speed | Response time (frontend) |
| 2. Efficiency | Response time |
| 3. Consumption | Battery |
| | Disk space |
| 4. Resource/troubleshooting and trust | CPU/memory usage |
| | Bandwidth usage |
| | Throughput (backend) |
| Citizen Autonomy Pillar | |
| 1. App discussion authority | Official discussion forums |
| | Empowered moderators |
| 2. Phone functionality | GPS access |
| | Bluetooth |
| | ENS<sup>e</sup> access |
| | Notifications |
| | Microphone |
| 3. Data control | Data upload authority |
| | Uploaded data location visibility |

<sup>a</sup> STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
<sup>b</sup> CT: contact tracing.
<sup>c</sup> SDLC: Software Development Life Cycle.
<sup>d</sup> GDPR: General Data Protection Regulation.
<sup>e</sup> ENS: Enhanced Network Selection.