TAM asserts that two main constructs (PEOU and PU) influence behavioral intention to use a new technology (Davis, 1989). PEOU is “the degree to which a person believes that using a particular system would be free from effort” (Davis, 1989, p. 320); PU is “the degree to which a person believes that using a particular system would enhance his or her job performance” (Davis, 1989, p. 320). PU and PEOU both influence BI directly or through the mediation of attitude towards a technology (Venkatesh & Davis, 1996).

TAM has proven reliable in predicting continued IT use based on users’ beliefs, even after they are exposed to the system for a short period of time (H. Yang & Yoo, 2004). A meta-analysis of 88 TAM studies by King and He (2006) found the TAM to be a robust model and that the main measures (PEOU, PU and BI) were highly reliable and may be used in a variety of contexts.

While we accept that TAM has been “overworked” (Goodhue, 2007, p. 220) and that other longitudinal and multi-stage models are also needed to assess influences throughout the implementation process (Benbasat & Barki, 2007), we believe that the explanatory power and parsimony of TAM allow researchers to focus on the reasons why individuals use new technologies (Goodhue, 2007). Furthermore, the model’s implicit assumption that “more use is better” (Goodhue, 2007, p. 220) which may be inaccurate for most systems, is appropriate for technologies requiring mass acceptance such as CCT apps.

We follow Benbasat & Barki (2007) recommendation to model other salient beliefs such as trust as well as antecedents of the existing TAM belief constructs. We extend the TAM to better reflect the influences on m-health use.

Therefore, we propose the following hypotheses which are consistent with core TAM relationships:

• H1. PU has a positive effect on BI.

• H2. PEOU has a positive effect on BI.

• H3. PEOU has a positive effect on PU.

There is a significant body of literature on the influence of trust on adoption intention (Carter & Bélanger, 2005; Lu et al., 2011; McKnight, Choudhury, & Kacmar, 2002; Nicolaou & McKnight, 2006; Venkatesh et al., 2016). This concept has been investigated in IT enabled contexts such as e-commerce (Kim & Koo, 2016; W. Wang & Benbasat, 2005), digital markets (Du & Mao, 2018) and knowledge management systems (Thatcher, McKnight, Baker, Arsal, & Roberts, 2010). The underlying assumption is that, because IT related environments are often associated with higher levels of uncertainty and complexity (Chandra, Srivastava, & Theng, 2010; Luhmann, 1979; McKnight et al., 2002; Pavlou, 2003; W. Wang & Benbasat, 2005), trust can overcome user concerns related to those aspects.

Several studies have extended the TAM with trust constructs (Gefen, Karahanna, & Straub, 2003b, 2003a; Venkatesh et al., 2016; W. Wang & Benbasat, 2005). Accordingly, in addition to the well-known antecedents (PU and PEOU) of behavioral intention, trust also contributes to explaining user acceptance of IT (e.g. Chandra et al., 2010; Gefen et al., 2003b, 2003a; W. Wang & Benbasat, 2005).

Table 1 displays a sample of studies which measure the role of trust on PU, PEOU and the intention to use an information technology in TAM models.

Trust can be defined as a state of favourable expectation regarding other people’s actions and intentions (Möllering, 2001). Definitions of trust usually highlight the “willingness to depend” on one another (e.g. Gefen et al., 2003b; McKnight et al., 2002; Vance, Elie -Dit-Cosaque, & Straub, 2008). One of the most cited definitions is provided by Mayer, Davis, and Schoorman (1995), who suggest that trust is “the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party.” (p 712). Therefore, trust involves both risk control based on a rational assessment of the other party’s interests and competence, and risk taking. McKnight et al. (2002) propose a conceptualization of trusting beliefs that encompass three dimensions: competence (i.e., the ability of the trustee to do what the trustor needs), benevolence (i.e., the trustee’s motivation to act in the trustor’s interests), and integrity (i.e., the trustee’s honesty and promise keeping). This conceptualization has been widely used to examine the role of trust in technology adoption in IT-enabled contexts such as e-commerce (e.g., W. Wang & Benbasat, 2005) and e-government services (Venkatesh et al., 2016). Wang & Benbasat (2005) propose an integrated trust-TAM conceptualization according to which trust influences both intention to adopt and usefulness, in addition to the well-known TAM effects. The authors validated their model for online shopping recommendation agents using a laboratory experiment. This conceptualization is important because it is the first to focus on trust in IT instead of the broader conceptualization of trust in a vendor (e.g., a vendor in the context of e-shopping).

Thus, trust has been conceptualized and empirically validated as an antecedent of PU (Chandra et al., 2010; Gefen et al., 2003b; Pavlou, 2003; Tung, Chang, & Chou, 2008; W. Wang & Benbasat, 2005). In the health care sector, Li et al. (2014) show that trust in a provider of a PHR software application had a positive impact on both perceived benefits and usage intentions. The main assumption behind the relationship between trust and PU is that if users do not trust the IT artifact then they will not perceive the potential benefits derived from the use of the artifact (W. Wang & Benbasat, 2005). In the context of CCT, this means that if citizens think that the CCT app is not able to fulfill their needs (e.g., the CCT app fails to capture the right data about an infected person), to work in their best interests (i.e., rather than for government surveillance goals) and to keep its promise (e.g., give accurate notifications about infections), then they may consider that the CCT app is not useful for them.

We therefore posit that:

• H4. Trust has a positive effect on PU.

A small number of studies model trust as a consequence of PEOU (Gefen et al., 2003b; Tung et al., 2008; W. Wang & Benbasat, 2005). Gefen et al. (2003b) and Wang & Benbasat (2005) argue that PEOU increases trust because when users perceived that an IT is easy to use, they feel that the IT provider cares about users which in turn generates trust. Therefore, we propose the following hypothesis:

• H5. PEOU has a positive effect on trust.

Trust has also been shown to influence behavioral intention in various IT-enabled contexts, and using different conceptualizations (Fang et al., 2014; Kim & Koo, 2016; B. Q. Liu & Goodhue, 2012; Vance et al., 2008). These studies included both TAM extended models (Awad & Ragowsky, 2008; Gefen et al., 2003b, 2003a; Suh & Han, 2003; Tung et al., 2008; N. Wang, Shen, & Sun, 2013; W. Wang & Benbasat, 2005) and studies of intention to use PHR systems (H. Li et al., 2014). According to this body of research, trust can overcome user’ risk and uncertainty concerns and lead them to express an intention to adopt an IT (Gefen et al., 2003b; W. Wang & Benbasat, 2005). If users do not trust the IT artifact, they may not use it and instead switch to other systems (W. Wang & Benbasat, 2005). Moreover, trust creates more positive attitudes (Chandra et al., 2010). In the context of CCT app adoption, Altmann et al. (2020) conducted a survey in five countries and showed that the probability of installing a CCT app increases with trust in the government. Using a panel survey conducted in Switzerland, von Wyl et al. (2021) showed that trust in government is correlated with trust in a CCT app. In addition, Dowthwaite et al. (2021) conceptualized and empirically validated the role of trust in a CCT app on adoption intentions.

Trust is particularly important when users interact with an IT for the first time and thus have limited understanding of agent behavior as they have no previous experience with the IT nor have assessed its quality (McKnight et al., 2002; W. Wang & Benbasat, 2005). This is the case for a CCT app for which the intention to adopt is investigated in this paper in the early months after its implementation. Therefore, we posit the following hypothesis:

• H6. Trust has a positive effect on BI.

Previous literature has highlighted the importance of information privacy and privacy concerns in technology adoption (Dinev et al., 2015; Malhotra, Kim, & Agarwal, 2004; Trang et al., 2020; Wu, Huang, Yen, & Popova, 2012). While the influence of privacy on mobile health acceptance has not been addressed, scholars such as Li et al. (2014) have argued that privacy-related risks are the primary reason why many people hide their medical information.

Authors have defined privacy in various ways, including general privacy concerns (i.e., the importance of privacy), willingness to display personal information, and privacy control. Clarke (1999) distinguishes four dimensions of privacy: privacy of a person, personal behavior privacy, personal communication privacy, and personal data privacy. Bélanger and Crossler (2011) argue that as most communications are digitized and stored as information, personal communication privacy and data privacy can be merged into the construct of information privacy. Information privacy is the ability of an individual to control when, how, and to what extent their personal information is exchanged with and used by others (Bansal, Zahedi, & Gefen, 2015; Belanger, Hiller, & Smith, 2002; H. Li et al., 2014). This concept is strongly related to control over information about oneself (Taddei & Contena, 2013). As a loss of information privacy renders users vulnerable to various types of privacy risks, they tend to evaluate information sensitivity and loss of information control before sharing their data (Malhotra et al., 2004).

An app’s privacy design can differ according to the amount and type of sensitive information required from a user and the extent of control over access to it, including where the data is located and who has access to it (Cavoukian, 2009; Trang et al., 2020). Recent research on mobile devices and apps has found that different types of IT designs influence privacy concerns and user acceptance (Venkatesh, Aloysius, Hoehle, & Burton, 2017), that users prefer control to direct information access (Sadeh et al., 2009), and that app permission requirements decrease installation intentions (Gu, Xu, Xu, Zhang, & Ling, 2017).

As privacy concerns are a main inhibitor for app acceptance (Dinev et al., 2015), it stands to reason that an app’s privacy design affects adoption (Trang et al., 2020). As contact tracing apps require access to sensitive data, a citizen’s decision to install the app may depend on the app’s privacy design in terms of sensitivity (e.g., geolocalisation tracking vs. Bluetooth tracing) and control (e.g., centralised vs. decentralised data processing; restricted vs. extended data usage), and on the trust in the app provider to develop appropriate privacy safeguards (Trang et al., 2020).

Perceived privacy control is defined as the perceived level of control over the disclosure and subsequent use of one’s personal information (H. Li et al., 2014). The concept of privacy control is inspired by the concept of self-efficacy and trust in one’s own abilities. According to Bandura (1997) self-efficacy is “an individual’s conviction (or confidence) about his or her abilities to mobilize the motivation, cognitive resources, and courses of action needed to successfully execute a specific task within a given context” (Stajkovic & Luthans, 1998, p. 66). Individuals may consider that having control over their health information disclosure and usage allows them to assess the benefits and potential privacy risks involved in using a mobile health app (H. Li et al., 2014). A high level of perceived control over information practices could reassure users that the mobile health app provider is likely to behave responsibly, leading them to form more favorable judgments about the benefits of the app (H. Li et al., 2014). Li et al (2014) has shown in the context of PHR that privacy control positively influences PU.

We therefore hypothesize that:

• H7. Privacy control influences PU.

Reliability has been defined as the dependability of system operations (Nelson, Todd, & Wixom, 2005; Shaw, 2002; Srinivasan, 1985; Wixom & Todd, 2005) or, more specifically “the technical availability of the system.” (Nelson et al., 2005, p. 205). More recently, McKnight, Carter, Thatcher, and Clay (2011) defined reliability as the belief that the specific technology will consistently operate properly. Carayon, Hundt, and Wetterneck (2010) conceptualized reliability as a dimension of technical performance together with speed, and accuracy, and found that reliability most influenced system acceptance and continued use. Reliability has also been shown to be an antecedent of system quality (Wixom & Todd, 2005).

In one of the few studies that have examined the influence of reliability on technology acceptance, Liao & Landry (2000) show that system reliability has a direct effect on PEOU, assuming that a performant IT (e.g., which does not breakdown) is perceived as being more easy to use than a less performant IT.

Therefore, we propose the following hypothesis:

• H8. Reliability has a positive effect on PEOU.

In line with previous studies, we added control variables to PU and PEOU for gender (Gefen & Straub, 1997; X. Zhang & Prybutok, 2003) and age (Burton-Jones & Hubona, 2006; Gomez, Egan, & Bowers, 1986). Our conceptual research model is presented in Figure 1.

A questionnaire was developed (Appendix 1) to test the research hypotheses and model. All constructs of the conceptual model were operationalized based on the extant literature (Lai & Li, 2005; H. Li et al., 2014; Nelson et al., 2005; Venkatesh et al., 2016). The questions were translated following a forward and backward translation procedure as recommended for this kind of study (Bullinger, 1995) and a five-point Likert scale was used (i.e., 1 very strongly disagree to 5 very strongly agree) to measure each item. Following Li et al. (2014), we adopted the concept of “perceived benefits” to measure PU as it is more appropriate in a healthcare setting. Perceived benefits are the useful and desirable effects that are expected to accrue from using a technology. A pilot test was conducted with ten individuals to ensure that items were easy to understand.

Stop Covid was a French Coronavirus contact-tracing app that was designed by a consortium of French companies led by the National Institute for Research in Computer Science and Automation (INRIA) and implemented by the French Government in June 2020. Its use was voluntary and the government developed a promotion strategy to increase its adoption (Rowe et al., 2020). The aim was to alert users who may have been in contact with someone infected by the Coronavirus. The app was available for Android and iOS compatible telephones, was free to download and used a wireless Bluetooth protocol. The app used Bluetooth to identify nearby users rather than geolocalisation which is considered more intrusive. When a telephone identified a nearby user who also had the StopCovid app installed and activated, user codes were exchanged via Bluetooth. The codes were designed to change regularly so that users remained anonymous. If a person developed symptoms which were confirmed by a laboratory test, the laboratory provided the patient with a QR code to flash with their phone. This information was centralized on a server which sent alerts to anyone who had been within one meter of the infected person for more than 15 minutes within the previous 14 days. The consortium launched a Bug Bounty program with French startup YesWeHack before launching the app, to enhance the security of the StopCovid application. This initiative mobilized a community of cybersecurity experts to search for potential vulnerabilities within the application and its infrastructure. The app was modified to improve data protection following a request from the national committee in charge of data protection rights (Commission Nationale de l’Informatique et des Libertés, CNIL). The consortium also published the source code of the app on GitHub.

When the app was launched, a computer science researcher reported that the app collected more data than claimed, including the data of all persons in proximity to a user for less than 15 minutes. Facing criticism from several rights groups about individual privacy and the relevance of collected data, the consortium made several modifications to the app. Beyond privacy concerns, technical performance was also reported as problematic as the first version of the app proved to be incompatible with Apple’s operating system and the Bluetooth settings used by iPhones.

According to the data published by the government, three weeks after launch the app had only been downloaded by 2.7% de la population and 14 notifications of suspected contacts had been sent to users. This raised public criticism about the app’s lack of efficacy, as its design requires it to be used by most of the population in order to accurately track suspected contacts.

A web-based questionnaire was used for data collection in July 2020 by a leading market research provider, Panelabs. The survey was administrated to a sample of 1000 individuals from the French population of over 20 years of age that was quota-controlled according to gender, age, geographic area and occupation to ensure that it was representative. Our study focuses only on individuals that installed the application, in order to measure the influence of the reliability and perceived ease of use constructs following our conceptual model. Table 2 presents the principal characteristics of the sample, broken down according to whether they installed and then actually used the application or not. This smaller sample of “installers” is also representative of the general French population for age, geographic area and occupation. It differs along the variable gender; a greater percentage of men installed the app than in the general population[1]. The influence of gender was controlled for in the model.

The study used SmartPLS 3.0 (Ringle, Wende, & Becker, 2015) in line with similar studies in healthcare (Zobair, Sanzogni, & Sandhu, 2019) to estimate the measurement properties of our model. Specifically, the study applied nonparametric bootstrapping (Chin, 2010; Efron & Tibshirani, 1994) with 5000 replications to obtain the standard errors of the estimates (Hair, Hult, Ringle, & Sarstedt, 2016) and a path weighting scheme to estimate the structural model relationships.

Reliability and validity analyses were first conducted to evaluate the quality of the measures used. The Cronbach alpha statistics that were computed to evaluate the internal consistency reliability for each construct are presented in Table 3. All values are above 0.70 indicating adequate internal consistency.

The convergent validity of each construct was evaluated by inspecting the outer loadings of each individual item and the average variance extracted (AVE). The individual item loadings are all above 0.7 on their respective constructs and the average variance extracted of each construct is above the 0.5 threshold (Fornell & Larcker, 1981) indicating the convergent validity of the instrument items.

The discriminant validity of each construct was assessed using two separate measures. Firstly, an inspection of the cross loadings of the indicators revealed that loadings on the associated construct were greater than loadings on other constructs (Table 4). Secondly, the square root of each construct’s AVE value was greater than its highest correlation with any other construct (Table 5). These findings support the discriminant validity of the constructs.

A full collinearity test was conducted following the procedure outlined by Kock & Lynn (2012) to test for common method bias. This is particularly important in our study as TAM constructs (Straub & Burton-Jones, 2007) and self-reported usage in particular (Y. Lee et al., 2003) may be subject to bias. All variance inflation factor (VIF) statistics were below 3.3 confirming that the model was free of common method bias.

Once we confirmed that construct measures were reliable and valid, we then assessed the predictive capabilities and the relationships between constructs in our structural model.

Prior to interpreting path coefficients, we checked for collinearity between predictor constructs. All VIF statistics are below 5 indicating acceptable levels of collinearity (Hair, Ringle, & Sarstedt, 2011). We next examined the magnitude and strength of the paths of the structural model and then its overall explanatory power. Standardized paths should be around 0.20 and ideally above 0.30 and be directionally consistent with expectations to be considered meaningful (Chin, 1998). The loadings on all significant structural paths were close to or above 0.20 indicating that the model had sufficient predictive power. The results of the structural model are presented in Table 6.

The path between PU and BI was weak but significant at the 5% level (β = 0.114, p = 0.047), thus supporting hypothesis H1. The PU of the CCT app weakly influences intention of use.

The path between PEOU and BI (β = 0.184, p = 0.003) was significant at the 5% level, thus supporting hypothesis H2. The perceived ease of using the contact tracing application influenced use intentions albeit with a weak path coefficient. PEOU did not significantly influence PU (β = 0.-0.031, p = 0.649) at the 5% level (H3).

The path between trust and PU (β = 0.481, p < 0.001) was significant, supporting hypotheses H4. Trust was strongly influenced by PEOU (β = 0.539, p < 0.001), thus supporting H5. In turn, trust significantly influenced BI (β = 0.547, p < 0.001) (H6).

Privacy control positively influenced PU (β = 0.287, p < 0.001), albeit with a moderate path coefficient, lending support to hypothesis H7. The relationship between reliability and PEOU was also found to be strong and significant (β = 0.629, p < 0.001), upholding hypothesis H8.

The coefficient of determination (R²) was computed to assess the model’s overall explanatory power. The analysis revealed that the structural model explained 54% and 46% of the variation in BI and PU respectively, suggesting that the structural model provided adequate explanatory power of these constructs (Hair et al., 2016). The model explained less variation in the trust (R² = 29%) and PEOU (R² = 39%) variables. The inclusion of the two control variables (age and gender) did not significantly influence the explanatory power of the model.

In addition to evaluating the model’s predictive accuracy with the R² statistic, we also calculated Stone-Geisser’s Q² value to assess the model’s predictive relevance. Predictive relevance measures how well the path model can predict the originally observed values. The Q² values of our model are all between 0.18 and 0.52 indicating medium to strong predictive relevance of our model (Hair et al., 2016).