Norway’s health authority has had to delete all data gathered via its Covid-19 contact-tracing app and suspend further use of the tool.
The Norwegian Data Protection Authority ruled the Smittestopp app represented a disproportionate intrusion into users’ privacy.
A switch to a rival design backed by Apple and Google is being considered.
Elsewhere, researchers say a bug in the latest version of Australia’s app means many iPhones fail to log matches.
In mid-April, Norway became one of the first places to introduce a contact-tracing app, when the Norwegian Institute of Public Health and software company Simula rolled out their tool to three of the country’s municipalities.
Such apps work by logging when two phones are close together for longer than a set period of time.
If one user is later diagnosed with the coronavirus, an alert can be sent to the other.
In the case of Smittestopp, at-risk users were asked to self-isolate to avoid spreading the infection further.
The developers decided the best way to do this was to gather both Bluetooth and GPS (global positioning system)location data and carry out contact-matches remotely on a centralised computer server.
But the Norwegian Data Protection Authority said health chiefs had not demonstrated it was “strictly necessary” to collect location data.
Most other contact-tracing apps rely solely on Bluetooth signals – although, there are problems with this approach.
The regulator also noted a group of experts asked to review the app had suggested a switch to Apple and Google’s decentralised model, where the contact-matching process is on smartphones within this system, giving users a higher degree of anonymity.
While the centralised model offers epidemiologists more data to model the disease’s spread, the watchdog said this was separate to contact tracing and users had to be able to consent to one but not the other.
The heath authority said it did not agree with the watchdog’s assessment, warning of “poorer control of the spread of the disease” as a result of the intervention.
But it is advising users to disable the app on their phones, to save battery life, while it decides whether to appeal.
The Norwegian health authority had been advised by Oxford University’s Big Data Institute, which also advised the NHS to adopt its own “centralised” approach.
Australia rolled out its CovidSafe app nationwide at the end of April.
But now, a team of cyber-security researchers says version 1.5 of the iOS release contains a flaw that means iPhones fail to be detected when locked.
“One could imagine Alice packing her bag, putting her iPhone in and going out for the day to a football game,” said one of the team.
“With her device in this state, nobody else will record her presence and if anyone around her tested positive she would not be contacted.”
Because users cannot see their own histories of logged matches, this would not have been immediately obvious to those using the software.
Australia’s Digital Transformation Agency told news site Zdnet it welcomed the feedback.
“The DTA will continue to release updates to the CovidSafe app to deliver a range of performance, security, and accessibility improvements as required,” it said.
Last week, Singapore announced it had awarded a $4.3m (£3.4m) contract to a local electronics-maker to build 300,000 wearable dongles that users physically hand over if they test positive, rather than uploading the information via the internet.
Nevertheless, ministers are expected to confirm the release of Germany’s mobile phone app on Tuesday.
And a Department of Health spokeswoman said it was still committed to a wider rollout of the NHS Covid-19 app across England, despite last week’s postponement of the trial’s second phase.
“There has been a hugely positive reception to the app on the Isle of Wight, with more than 54,000 people downloading the app,” she told BBC News
“Their feedback has been invaluable ahead of rolling out the app nationally soon.”