bad spread

Contact Tracing in Malaysia: What’s Up?

What is contact tracing in Malaysia, and what are the efforts that we have going on? From the bits of information floating around, I try to recreate what I think is a plausible picture of contact tracing efforts in the country.

The National Security Council or NSC, actually delivers daily SMS texts about COVID-19 related information. Besides reminding receivers to keep safe distances and to follow the standard operating procedures (SOP) for different industries, the NSC recently also began to send texts urging folks to download mobile applications.

There are three apps, which NSC specifically informs us to download. These are the Gerak Malaysia app, MyTrace app, and MySejahtera app.


Let’s start with the app that seems the simplest. MySejahtera app is described as an app that was developed to assist in monitoring the virus outbreak in the country.

This seems to suggest there would be two-way interaction between app and users, instead of the app simply broadcasting virus-related information like the nearest health facilities, and guidelines.

Indeed from this website, it is suggested that users will be able to assess their health risk with the app, and receive guidance on the next steps to take.

This app was developed with strategic collaboration from NSC, MOH, MAMPU and MCMC.

 Gerak Malaysia

Gerak Malaysia can be found at, and from what I understand from NSC texts, this app facilitates an individual to apply to travel between states. According to Berita Harian, in just one week, the Royal Malaysian Police has received over 500,000 applications to travel to other states.

Over a million individuals are reported to have downloaded Gerak Malaysia app.

This app is under the jurisdiction of the MOH, developed my MCMC, with information and access to information believed to be stored on the Royal Malaysian Police’ IT infrastructure.

Once the app user applies to travel to another state, a QR code will generated, and this code is to be displayed at police check points.

Most interesting of all, is this app has near to real-time contact tracing which is believed to leverage GPS location technology.

There are a few versions of this app, with the latest being version 2.5.

In an effort to be transparent, a FAQ published on 9th May 2020,  shares that data collected via use of the app would be deleted 6 months after the MCO.


At time of writing, MySejahtera is reported to be linked to the MyTrace app. On the front end which is displayed to users, when they access either app, the other app will be displayed on the main menu or users will be prompted to download.

At the backend, there may be interesting discoveries and insights that MOH will gain from merging information gathered by these 2 apps, ie.  the health status of a user and persons the user has been in proximity with. Not much is known about how the government and/or users will use this data.

MOSTI minister, Khairy Jamaluddin has assured that data collected through MyTrace would be anonymised and kept on users’ phones.

This app is believed to leverage Bluetooth technolgy and is based upon APIs from a Google and Apple architecture that promotes a decentralised way of storing and managing data. This method is believed to be less intrusive.

In efforts to be transparent and to allay concerns about privacy, the app’s source code would also be published for peer review ie. More eyes looking for vulnerabilities and bugs. This is believed to help make the app more robust and resilient to hacks, and also for peace of mind that there is no dubious code that compromises privacy.


However, while the privacy aspect may be addressed, the MyTrace app could actually be more prone to cybersecurity than privacy risk.

There was sighting of a self-propagating Bluetooth virus, which spreads itself by virtue of its proximity to other Bluetooth devices.

The app currently is available for Android devices, with an iOS version in the works.

Currently also, there are no reports of the other contact tracing app, Gerak Malaysia, publishing its source code for peer review.

It appears, when users are applying to move between states and/or zones via this app, they have to grant permission to enable Location Services on their phones.  This is not confirmed yet.