Lastest reports 100 corona tracking apps, 40% exposed sensitive information

There is a risk that confidential consumer details could be leaked to the outside if you use touch monitoring applications that do not use Apple and Google’s Visibility Alerts policy. This was investigated and reported by Guardsquare, a company specialized in app defense.

For the investigation, Guard Square analyzed 95 Corona touch monitoring software. 52 were Android-based and 43 were iOS-based. As a consequence, 40 percent of them do not use the Apple and Google protocols. Apple and Google’s protocols are designed to protect users’ privacy. Forty percent of applications that do not use it are analyzed using technology such as GPS data or Bluetooth to track users.

Those 40 percent of apps are not specifically identified by Guard Square. This is because the apps are mostly created by the country, so the national dishonor is protected the moment you call them. Grant Goodes of Guard Square explains, however, “if you use GPS information with someone’s identification information, it is highly likely to be abused as an effective surveillance tool,”

Of course, it doesn’t attract as much interest or be used as much as the early coronavirus to monitor reported patients and contacts as an app. This is because the corona has either subsided or entered a condition beyond influence in most nations where pursuit is futile. However when it is said that such disasters continue to occur due to climate change, etc., such tracking applications will be used again, so from now on, Guard Square claims, it is wise to complete safe technology by inspection.

Guard Square, for reference, launched a related inquiry in June. There were 17 Android applications that were investigated at the time, and it was discovered that after encryption and obfuscation processing, there was only one app that transmitted data.

image source: computerworld

In this survey it was found that the official API of the exposure notification protocol announced by Apple and Google was analyzed using 32 Android apps and 25 iOS apps. “If you use this API, even if you track a contact, your data will never be exposed,” he said. So it does not cause privacy or security concerns to follow someone through it,”So, tracking someone through it doesn’t cause privacy or security issues,”

It is of course, not without a reliable way to monitor connections without these two protocols being used. Of the 40 percent of apps listed above, however only 5 percent of apps use a mix of strong security devices (encrypting sensitive strings, encrypting data at rest, connecting the host and SSL keys, jailbreak monitoring, etc.). “Although secure APIs have been announced by Google and Apple, we can see that the idea of security and privacy is not yet widely spread among developers.”

If a monitoring app is to achieve control during a national tragedy, it would have to raise the number of users, and it has to instill the illusion that it is ‘secure’ in order to encourage more people to install it. These days, this is particularly the case because each individual responds sensitively to the use of personal details. That’s why the preparation of apps like this by national agencies should not fail to respect people’s privacy. You can’t just chuck an order to an outside provider and review the functions.

“Protecting privacy is more than just protecting people’s privacy or making trust in the government thicker,” he pointed out, “it has become a concept directly connected to health.” He also urged, “Now that the vaccine will be released slowly, the time of Corona will pass someday, and in that case, the tracking app developer or the governement in charge will have to thoroughly review the privacy.” “That will be the attitude to prepare for future disasters.”