Data privacy and safety: How secure are contact tracing Covid-19 apps?

By: |
Published: June 29, 2020 6:30 AM

It is important that contact apps perform authentication when information is submitted to its servers, such as when a user posts their diagnosis and contact logs.

he higher adoption rate of such apps has raised many questions around the privacy of individuals’ data that the app may access, and the potential abuse of such systems. he higher adoption rate of such apps has raised many questions around the privacy of individuals’ data that the app may access, and the potential abuse of such systems.

There has been a surge in the number of coronavirus contact-tracing mobile apps worldwide. These are backed by various governments and national health authorities. Special protocols have also been developed by the two major smartphone OS vendors Apple and Google, along with the guidelines by EU. The higher adoption rate of such apps has raised many questions around the privacy of individuals’ data that the app may access, and the potential abuse of such systems. Security researchers at Check Point have flagged the following concerns about contact tracing applications:

Devices can be traced. As some contact tracing apps rely on Bluetooth Low Energy (BLE), devices broadcast handshake packets that facilitate identification of contact with other devices. If not implemented correctly, hackers can trace a person’s device by correlating devices and their respective identification packets.

Personal data can be compromised. Apps store contact logs, encryption keys and other sensitive data on devices. Sensitive data should be encrypted and stored in the application sandbox and not on shared locations. Even within the sandbox, gaining root privileges or physical access to the device, could compromise the data, more so if information such as GPS locations are stored.

Interception of an app’s traffic. Users can be susceptible to “man-in-the-middle” attacks and the interception of the app’s traffic if all communications with the app’s back-end server are not properly encrypted.

It is important that contact apps perform authentication when information is submitted to its servers, such as when a user posts their diagnosis and contact logs. Without proper authorisation in place, it could be possible to flood the servers with fake health reports, undermining the reliability of the whole system.

How to stay protected:

Install contact-tracing Covid-19 apps from official app stores, as they only allow authorised government agencies to publish such apps.
Download and install a mobile security solution to scan applications and protect the device against malware, as well as verify that the device has not been compromised.

Jonathan Shimonovich, manager of mobile research, Check Point, says, “Contact tracing apps must maintain a delicate balance between privacy and security, since poor implementation of security standards may put users’ data at risk. This comes down to questions on what data is collected, how it is stored and, how it is distributed.”

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Samsung now offering customer care service through WhatsApp for quick, contactless support
2Aarogya Setu adds three big features for users including delete account option; All you need to know
3US tech giants Facebook, Google, Twitter suspend review of Hong Kong data requests, TikTok to pull out