Publication Type

Journal Article

Version

submittedVersion

Publication Date

10-2021

Abstract

The ongoing COVID-19 pandemic caused 3.8 million deaths since December 2019. At the current vaccination pace, this global pandemic could persist for several years. Throughout the world, contact tracing (CT) apps were developed, which play a significant role in mitigating the spread of COVID-19. This work examines the current state of security and privacy landscape of mobile CT apps. Our work is the first attempt, to our knowledge, which provides a comprehensive analysis of 70 CT apps used worldwide as of year Q1 2021. Among other findings, we observed that 80% of them may have handled sensitive data without adequate protection, 70% of them uses weak cryptographic algorithms and 35% of them embeds data trackers. We also observed key developments in app privacy protection and security assurance initiatives. Our findings provide useful insights to the design and deployment of more secure and privacy preserving CT apps moving forward.

Keywords

mobile software security, data security, government contact tracing, Covid-19, public health, vaccination

Discipline

Asian Studies | Information Security | Public Health | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

IEEE Pervasive Computing

Volume

20

Issue

4

First Page

61

Last Page

70

ISSN

1536-1268

Identifier

10.1109/MPRV.2021.3115478

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/MPRV.2021.3115478

Download

Share

COinS