DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

New tool reveals security and privacy issues with contact tracing apps

Posted on February 27, 2021 by Dissent

COVIDGuardian, the first automated security and privacy assessment tool, tests contact tracing apps for potential threats such as malware, embedded trackers and private information leakage.

Using the COVIDGuardian tool, cybersecurity experts assessed 40 Covid-19 contact tracing apps that have been employed worldwide for potential privacy and security threats. Their findings include that:

  • 72.5 per cent of the apps use at least one insecure cryptographic algorithm.
  • Three quarters of apps contained at least one tracker that reports information to third parties such as Facebook Analytics or Google Firebase.
  • Whilst most apps were free of malware, the Kyrgyzstan app Stop COVID-19 KG was discovered to have malware.

Following their analysis, the researchers released the results to vendors. Further testing later found that privacy and security weaknesses on four apps had been fixed, and one vulnerable app was found to no longer be available.

Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London, said: “With the pandemic there was a rapid need for contact tracing apps to support efforts to control the spread of Covid-19. Unsurprisingly we found that this had resulted in some relatively mainstream security bugs being introduced worldwide. Some of the most common risks relate to the use of out-of-date cryptographic algorithms and the storage of sensitive information in plain text formats that could be read by potential attackers.”

“Our work is helping developers to address these problems. Through COVIDGuardian we’ve produced a tool that can be used by developers to discover and fix potential weaknesses in their apps and share guidelines that will help to ensure user privacy and security is maintained.”

User concerns

To support this work the researchers also performed a survey involving over 370 individuals to understand the likelihood that they would use a contact tracing app and highlight concerns around their use. The results suggested that the privacy and accuracy of contact tracing apps had the biggest impact on whether individuals would use the app.

As part of the survey, volunteers were also asked about their preferences with regards to decentralised and centralised apps.“Security and privacy concerns have been a big issue affecting the uptake of these apps. We were surprised that the debate around decentralised vs centralised apps didn’t seem so important and, instead, users were more focused on the exact details of what private information is collected. This should encourage developers to offer stronger privacy guarantees for their apps,” added Dr Tyson.

More information

  • Research publication: ‘An Empirical Assessment of Global COVID-19 Contact Tracing Applications’ Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepez, Damith C. Ranasinghe.
  • The paper will be presented at the International Conference on Software Engineering on May 23-29 2021. A copy of the paper is available at: https://arxiv.org/abs/2006.10933.

Source: Queen Mary University of London

Related posts:

  • Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information
  • Suspending Cambridge Analytica and SCL Group from Facebook
Category: Commentaries and AnalysesHealth DataOf Note

Post navigation

← Members of Identity Theft Ring Plead Guilty to Fraud Targeting Virginia ABC Stores
At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.