Research Article
A Study of the Privacy of COVID-19 Contact Tracing Apps
@INPROCEEDINGS{10.1007/978-3-030-63086-7_17, author={Haohuang Wen and Qingchuan Zhao and Zhiqiang Lin and Dong Xuan and Ness Shroff}, title={A Study of the Privacy of COVID-19 Contact Tracing Apps}, proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2020}, month={12}, keywords={Contact tracing app Program analysis COVID-19 Privacy}, doi={10.1007/978-3-030-63086-7_17} }- Haohuang Wen
Qingchuan Zhao
Zhiqiang Lin
Dong Xuan
Ness Shroff
Year: 2020
A Study of the Privacy of COVID-19 Contact Tracing Apps
SECURECOMM
Springer
DOI: 10.1007/978-3-030-63086-7_17
Abstract
The COVID-19 pandemic has spread across the globe and resulted in substantial loss of lives and livelihoods. To effectively fight this pandemic, many digital contact tracing mobile apps have been developed. Unfortunately, many of these apps lack transparency and thus escalate concerns about their security and privacy. In this paper, we seek to perform a systematic and cross-platform study of the privacy issues in official contact tracing apps worldwide. To this end, we have collected 41 released apps in total, many of which run on bothiOSandAndroidplatforms, and analyzed both their documentation and binary code. Our results show that some apps expose identifiable information that can enable fingerprinting of apps and tracking of specific users that raise security and privacy concerns. Further, some apps have inconsistent data collection behaviors across different mobile platforms even though they are designed for the same purpose.
