Technology

Majority of govt-backed COVID-19 tracing apps are woefully insecure in rush to market: report

Report assesses 17 Android mobile contact tracing apps from 17 different countries

The majority of government sponsored COVID-19 tracing apps are improperly secured, and in their rush to market, app developers leave users vulnerable to invasions of privacy, according to a new report.

Today, mobile app security firm Guardsquare released a report called “The Proliferation of COVID-19 Contact Tracing Apps Exposes Significant Security Risks” in which it assessed 17 Android mobile contact tracing apps from 17 different countries across Europe, Asia-Pacific, the Middle East, and the Americas.

The report concluded that most government sponsored COVID-19 tracing apps leave widespread vulnerabilities where “malicious individuals may interfere with these apps for nefarious purposes, such as causing confusion, spreading false information, or instilling fear.”

“Hacktivists, especially in places experiencing civil unrest, may also disrupt these apps—not to steal or expose data—but because they dislike the idea of government or other surveillance,” according to the report.

Click image to enlarge

Apart from being a privacy and security issue, unsecured contact tracing apps erode public trust in the apps themselves. This, according to Guardsquare, is a grave public health concern.

Properly securing contact tracing apps is not just a citizen privacy and security issue and a government trust issue. It’s a public health concern as well,” according to the report.

If the whole point of contact tracing is to better understand how a virus is spreading, but people don’t trust it and therefore don’t use it, then contact tracing becomes useless in the attempt to stop the spread.

“Trust is key to success with contact tracing apps, but app makers unfortunately do not seem to be taking the risks seriously enough yet,” the report reads,” adding, “It only takes a single high-profile security incident to ruin confidence in an app.”

In order to make contact tracing apps more secure, Guardspace recommended that:

  • All apps need to be developed securely and with a ‘privacy by design’ ethos.
  • It’s up to governments and other entities who build these apps to ensure that the core code of the app is shielded properly, and that user information and privacy is safeguarded.
  • Developers should use code hardening to protect code at rest and runtime application self-protection to protect apps in use.
  • To be truly bulletproof, apps should implement hook detection, tamper detection, and debugger detection.
  • Anyone disseminating contract tracing apps must impose minimum standards of quality and security on the third parties or internal teams who are developing them.

Here is what governments and other organizations building COVID-19 contact tracing apps need to understand. If these apps are improperly secured (as most are), user data—in particular location information—may be at risk” — Guardsquare report

Click image to enlarge

What data is being collected, who’s collecting it, how it’s being used, and how long it will be used for are all issues being debated across governments, think tanks, the media, and watch dogs when it comes to contact tracing technology and applications.

According to Guardsquare’s report, “These apps should not be gathering certain types of information, and certainly should not be storing it for any length of time. In particular they should not be monitoring absolute GPS location on an ongoing basis (it is more valuable and less invasive to monitor only geographic proximity to known infected individuals).”

Last month, the National Security Commission on AI published white paper by four of its commissioners stating that contact tracing apps can provide value in helping to control the spread of COVID-19, but that the apps should be “strictly voluntary” and without forced adoption.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

Bridging Traditional Venture Capital and the Masses: Democratizing Startup and Private Market Investments

Article by Luis X Barrios, CEO of Arkangeles For far too long, venture capital has…

17 hours ago

WEF scrubs ‘Valuing Nature’s Assets’ session from Sustainable Development Impact Meetings

The World Economic Forum (WEF) deletes a session entitled, "Valuing Nature's Assets," from its Sustainable…

3 days ago

Horasis India Meeting 2024: Here’s look at 10 key speakers this week in Athens

The theme of the 2024 Horasis India Meeting is cooperation, impact investing, and sustainable growth…

5 days ago

UN Summit of the Future Global Call: World leaders advocate Agenda 2030, UN reform

World leaders gather on the UN Summit of the Future Global Call to advocate for…

1 week ago

A Look Into AI and the Risks to Elections

Image via: Freepik When an entire nation devotes its attention to Vice President Kamala Harris…

1 week ago

5 ‘interconnected shifts’ are driving ‘profound systemic transformation’: Klaus Schwab, WEF report

World Economic Forum (WEF) founder Klaus Schwab says that the world is undergoing profound systemic…

1 week ago