“COVIDGuardian,” a tool developed by researchers from Queen Mary University of London, can identify security and privacy risks associated with Covid-19 contact tracing apps.
It is the first automated security and privacy assessment tool for contact tracing apps, analyzing them and flagging threats such as malware, embedded trackers, and dangers to private information.
The researchers assessed the privacy and security of 40 Covid-19 contact tracing apps in use worldwide today, and COVIDGuardian showed that 72.5% of them use at least one insecure cryptographic algorithm.
“Three-quarters of apps contained at least one tracker that reports information to third parties such as Facebook Analytics or Google Firebase. While most apps were free of malware, the Kyrgyzstan app ‘Stop Covid-19 KG’ was discovered to have malware,” the researchers said in a paper.
Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London, explains that the pandemic prompted the adoption of contact tracing apps to help control the spread of Covid-19.
“Unsurprisingly we found that this had resulted in some relatively mainstream security bugs being introduced worldwide. Some of the most common risks relate to the use of out-of-date cryptographic algorithms and the storage of sensitive information in plain text formats that could be read by potential attackers,” she said.
Some of the most common problems were the use of out-of-date cryptographic algorithms and the storage of sensitive information in plain text formats without encryption.
The researchers also surveyed 370 individuals and showed that the privacy and accuracy of contact tracing apps are top priorities for individuals when they determine whether they would use a contact tracing app.
They will present the paper at the International Conference on Software Engineering on May 23-29, 2021.