Comments
Researchers have designed a tool that can identify security and privacy risks associated with Covid-19 contact tracing apps.
The tool, called COVIDGuardian, is the first automated security and privacy assessment tool to test contact tracing apps for potential threats. These threats include malware, embedded trackers, and private information leakage, the researchers mentioned.
Cyber security experts used the tool to assess 40 Covid-19 contact tracing apps that have been employed worldwide for potential privacy and security threats.
Their findings revealed that 72.5 per cent of the apps use at least one insecure cryptographic algorithm. Three-quarters of apps contained at least one tracker that reports information to third parties such as Facebook Analytics or Google Firebase.
Whilst most apps were free of malware, the Kyrgyzstan app Stop COVID-19 KG was discovered to have malware.
Efficacy of app-based Covid-19 contact tracing systems is limited, finds study
Following their analysis, the researchers released the results to vendors. Further testing later found that privacy and security weaknesses on four apps had been fixed, and one vulnerable app was found to no longer be available.
Survey conducted
Dr Gareth Tyson, Senior Lecturer at the Queen Mary University of London, said: “With the pandemic, there was a rapid need for contact tracing apps to support efforts to control the spread of Covid-19. Unsurprisingly we found that this had resulted in some relatively mainstream security bugs being introduced worldwide.”
Digital tools cannot replace human capacity needed for contact tracing: WHO
He added: “Our work is helping developers to address these problems. Through COVIDGuardian we’ve produced a tool that can be used by developers to discover and fix potential weaknesses in their apps and share guidelines that will help to ensure user privacy and security is maintained.”
To support this work, the researchers also performed a survey involving over 370 individuals to understand the likelihood that they would use a contact tracing app and highlight concerns around their use.
The results suggested that the privacy and accuracy of contact tracing apps had the biggest impact on whether individuals would use the app.
The researchers also asked volunteers about their preferences regarding decentralised and centralised apps.
Dr Tyson said: “Security and privacy concerns have been a big issue affecting the uptake of these apps. We were surprised that the debate around decentralised vs centralised apps didn’t seem so important and, instead, users were more focused on the exact details of what private information is collected. This should encourage developers to offer stronger privacy guarantees for their apps.”
The findings of the study were published in Cornell University’s website.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.