"Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"
An analysis of 95 COVID-19 contact-tracing apps conducted by the mobile security firm Guardsquare revealed that 40% did not use the official API of the Exposure Notifications protocol created by Apple and Google to protect user privacy and security. The company looked at 52 Android apps and 43 iOS apps. Out of the 40% that did not use the official Exposure Notifications, only around 5% applied more than two out of the six essential security measures, including sensitive string encryption, data at rest encryption, jailbreak monitoring, and the linking of hosts to their SSL keys. Many of these applications use Global Positioning System (GPS) data to determine a user's location, which is then linked with identifying details such as their phone number or passport identifier. Mapping GPS location information to such details about a user poses a significant threat to users' security and privacy as it enables surveillance. This article continues to discuss the lack of the use of the Exposure Notifications protocol for many contact-tracing apps.
Dark Reading reports "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"