Abstract

As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

Highlights

  • As this paper is being written, the COVID-19 pandemic has spread across the world (Trackcorona 2020)

  • Our study focuses on the fulfillment of fundamental legal principles proposed in Hatamian (2020), the extent to which the privacy policy texts of COVID-19 contact tracing apps are correlated with what developers request and what they do in reality, and the discrepancies/similarities in apps’ privacy policies published by the EU and non-EU bodies in terms of covering fundamental privacy principles

  • Comparing the vulnerabilities detected in work done by (Papageorgiou et al 2018), it can be noted that COVID-19 contact tracing apps have significant and a high number of vulnerabilities. This can be supported by recent security analysis performed on COVID-19 contact tracing using Mobile Security Framework (MobSF) by Sun et al (Sun et al 2020), which shows the same magnitude of vulnerabilities we identified in our app set

Read more

Summary

Introduction

As this paper is being written, the COVID-19 pandemic has spread across the world (Trackcorona 2020). To manage and control the pandemic, countries and regions are taking different approaches. Enacting partial to full lockdown (with an exception of countries like Sweden), mandating safe physical-distancing measures, face mask wearing for general public, measures for closing/reopening schools and universities, encouraging remote working, border control, using manual and digital contact tracing, and using hygiene measures are among the widely adopted strategies to the pandemic (Han et al 2020). Many countries started the the introduction of contact tracing apps to manage and control the spread of the virus (EDPB 2020a). Contact tracing apps should complement and support the manual contact tracing as such a technology may not be able to penetrate in some populations (e.g. children or elderly). Manual contact tracing remains the main method of contact tracing (EDPB 2020a; Ferretti et al 2020)

Objectives
Methods
Results
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Data Management and Privacy Policy of COVID-19 Contact-Tracing Apps: Systematic Review and Content Analysis.
Marco Bardus ... Melodie Al Daccache
JMIR mHealth and uHealth | VOL. 10
Marco Bardus, et. al.Marco Bardus ... Melodie Al Daccache
12 Jul 2022
Factors Influencing the Adoption of Contact Tracing Applications: Systematic Review and Recommendations.
Kiemute Oyibo ... Arlene Oetomo
Frontiers in digital health | VOL. 4
Kiemute Oyibo, et. al.Kiemute Oyibo ... Arlene Oetomo
03 May 2022
COVID-19 vs Social Media Apps: Does Privacy Really Matter?
Omar Haggag ... John Grundy
-
Omar Haggag, et. al.Omar Haggag ... John Grundy
01 May 2021
A Study on Contact Tracing Apps for Covid-19: Privacy and Security Perspective
Auwal Shehu Ali ... Zarul Fitri Zaaba
Webology | VOL. 18
Auwal Shehu Ali, et. al.Auwal Shehu Ali ... Zarul Fitri Zaaba
29 Apr 2021
View more papers

More From: Empirical Software Engineering

Paper Title
Journal
Date
Author
Fixing Dockerfile smells: an empirical study
Giovanni Rosa ... Rocco Oliveto
Empirical Software Engineering | VOL. 29
Giovanni Rosa, et. al.Giovanni Rosa ... Rocco Oliveto
06 Jul 2024
Design smells in multi-language systems and bug-proneness: a survival analysis
Mouna Abidi ... Foutse Khomh
Empirical Software Engineering | VOL. 29
Mouna Abidi, et. al.Mouna Abidi ... Foutse Khomh
03 Jul 2024
What causes exceptions in machine learning applications? Mining machine learning-related stack traces on Stack Overflow
Amin Ghadesi ... Heng Li
Empirical Software Engineering | VOL. 29
Amin Ghadesi, et. al.Amin Ghadesi ... Heng Li
03 Jul 2024
Systematic Evaluation of Deep Learning Models for Log-based Failure Prediction
Fatemeh Hadadi ... Lionel Briand
Empirical Software Engineering | VOL. 29
Fatemeh Hadadi, et. al.Fatemeh Hadadi ... Lionel Briand
20 Jun 2024
View more papers