There is an open source and decentralized solution (called DP-3T) which takes data from infected persons with covid-19 and check if you were in close proximity with any of them, without revealing anyone its identity. Although Google and Apple's joint project concerns the implementation of DP-3T approach which aligns with GDPR (see [3]). Also, it seems that there is another approach which at least until now, is closed source and based on centralized/decentralized approach (called PEPP-PT [7]). Many institutes seems to participate (see [4]). The problem with close source software remains and it is fundamental for security/privacy reasons. For instance if it is backdoor-ed no one can check that. It is well known that for security reasons and privacy concerns the first choice is one way street. Also EU adopts a similar position (see [1]).It seems that there are more concerns about PEPP-PT, see [2,6]. Finally there are more covid-19 apps, see [5]. Although, the efficacy of these apps is debatable, see [8].

Bibliography

[1] Paragraph 52, EU coordinated action to combat the COVID-19 pandemic and its consequences

[2] https://nadim.computer/posts/2020-04-17-pepppt.html

[3] https://www.wired.com/story/apple-google-contact-tracing-strengths-weaknesses/

[4] https://www.ercim.eu/news/478-pan-european-privacy-preserving-proximity-tracing

[5] https://en.wikipedia.org/wiki/COVID-19_apps

[6] https://github.com/DP-3T/...

[7] https://github.com/pepp-pt/...

[8] https://www.eff.org/deeplinks/2020/04/challenge-proximity-apps-covid-19-contact-tracing