You are using an older browser version. Please use a supported version for the best MSN experience.

Data privacy and safety: How secure are contact tracing Covid-19 apps?

The Financial Express logo The Financial Express 29-06-2020 FE Bureau
Data privacy and safety: How secure are contact tracing Covid-19 apps? © Provided by The Financial Express Data privacy and safety: How secure are contact tracing Covid-19 apps? he higher adoption rate of such apps has raised many questions around the privacy of individuals' data that the app may access, and the potential abuse of such systems. © Provided by The Financial Express he higher adoption rate of such apps has raised many questions around the privacy of individuals' data that the app may access, and the potential abuse of such systems.

There has been a surge in the number of coronavirus contact-tracing mobile apps worldwide. These are backed by various governments and national health authorities. Special protocols have also been developed by the two major smartphone OS vendors Apple and Google, along with the guidelines by EU. The higher adoption rate of such apps has raised many questions around the privacy of individuals' data that the app may access, and the potential abuse of such systems. Security researchers at Check Point have flagged the following concerns about contact tracing applications:

Devices can be traced. As some contact tracing apps rely on Bluetooth Low Energy (BLE), devices broadcast handshake packets that facilitate identification of contact with other devices. If not implemented correctly, hackers can trace a person's device by correlating devices and their respective identification packets.

Personal data can be compromised. Apps store contact logs, encryption keys and other sensitive data on devices. Sensitive data should be encrypted and stored in the application sandbox and not on shared locations. Even within the sandbox, gaining root privileges or physical access to the device, could compromise the data, more so if information such as GPS locations are stored.

Interception of an app's traffic. Users can be susceptible to "man-in-the-middle" attacks and the interception of the app's traffic if all communications with the app’s back-end server are not properly encrypted.

It is important that contact apps perform authentication when information is submitted to its servers, such as when a user posts their diagnosis and contact logs. Without proper authorisation in place, it could be possible to flood the servers with fake health reports, undermining the reliability of the whole system.

How to stay protected:

Install contact-tracing Covid-19 apps from official app stores, as they only allow authorised government agencies to publish such apps.

Download and install a mobile security solution to scan applications and protect the device against malware, as well as verify that the device has not been compromised.

Jonathan Shimonovich, manager of mobile research, Check Point, says, "Contact tracing apps must maintain a delicate balance between privacy and security, since poor implementation of security standards may put users' data at risk. This comes down to questions on what data is collected, how it is stored and, how it is distributed."

More From The Financial Express

The Financial Express
The Financial Express
image beaconimage beaconimage beacon