The reviewed record of science sign in
Pith

arxiv: 2207.08978 · v2 · pith:UMLCSTEU · submitted 2022-07-18 · cs.CR · cs.CY

A Security & Privacy Analysis of US-based Contact Tracing Apps

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:UMLCSTEUrecord.jsonopen to challenge →

classification cs.CR cs.CY
keywords appsprivacycontactdevelopgaentracingapplecontain
0
0 comments X
read the original abstract

With the onset of COVID-19, governments worldwide planned to develop and deploy contact tracing (CT) apps to help speed up the contact tracing process. However, experts raised concerns about the long-term privacy and security implications of using these apps. Consequently, several proposals were made to design privacy-preserving CT apps. To this end, Google and Apple developed the Google/Apple Exposure Notification (GAEN) framework to help public health authorities develop privacy-preserving CT apps. In the United States, 26 states used the GAEN framework to develop their CT apps. In this paper, we empirically evaluate the US-based GAEN apps to determine 1) the privileges they have, 2) if the apps comply with their defined privacy policies, and 3) if they contain known vulnerabilities that can be exploited to compromise privacy. The results show that all apps violate their stated privacy policy and contain several known vulnerabilities.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.