COVID-19 One Year on - Security and Privacy Review of Contact Tracing Mobile Apps

The ongoing Coronavirus Disease 2019 (COVID-19) pandemic has caused 3.8 million deaths since December 2019. At the current vaccination pace, this global pandemic could persist for several years. Throughout the world, contact tracing (CT) apps were developed, which play a significant role in mitigati...

Full description

Saved in:
Bibliographic Details
Published inIEEE pervasive computing Vol. 20; no. 4; pp. 61 - 70
Main Authors Ang, Vincent, Shar, Lwin Khin
Format Journal Article
LanguageEnglish
Published New York IEEE 01.10.2021
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Algorithms
Applications programs
Codes
Contact tracing
Coronaviruses
COVID-19
Cryptography
Cybersecurity
Government
Mobile computing
Pandemics
Privacy
Viral diseases
Online AccessGet full text

Cover

More Information
Summary:The ongoing Coronavirus Disease 2019 (COVID-19) pandemic has caused 3.8 million deaths since December 2019. At the current vaccination pace, this global pandemic could persist for several years. Throughout the world, contact tracing (CT) apps were developed, which play a significant role in mitigating the spread of COVID-19. This work examines the current state of security and privacy landscape of mobile CT apps. Our work is the first attempt, to our knowledge, which provides a comprehensive analysis of 70 CT apps used worldwide as of the year Q1 2021. Among other findings, we observed that 80% of them may have handled sensitive data without adequate protection, 70% of them used weak cryptographic algorithms, and 35% of them embedded data trackers. We also observed key developments in app privacy protection and security assurance initiatives. Our findings provide useful insights into the design and deployment of more secure and privacy-preserving CT apps moving forward.
ISSN:1536-1268
1558-2590
DOI:10.1109/MPRV.2021.3115478