The International Digital Accountability Council (IDAC) published findings from the investigation of worldwide COVID-19 mobile apps. The IDAC stated that several apps had security vulnerabilities that compromise user data protection and privacy. The study researched how apps collect data, what data is collected, and whether third parties receive data through these apps to identify practices that pose privacy risks. The IDAC analysed 23 contact-tracing apps and found that less than 20% explicitly state or inform users if their personal data is anonymised. In addition to contact tracing apps, 20 telehealth apps were analysed in the study. While the organisation noted that these apps typically act in ways that meet the user’s privacy expectations, it identified a few concerns. For instance, of 20 apps, 3 privately-owned apps are sharing data with third parties, such as Google.