Most contact tracing apps fail at privacy and security


A study of 17 Android mobile contact tracing apps from 17 different countries found that most government-sponsored contact tracing apps are insecure and risk exposing users’ privacy and data. The researchers used the presence or absence of six basic hardening techniques: name obfuscation (just one app of the 17), string encryption (29%), asset/resource encryption (6%), class encryption (6%), root detection (41%), and emulator detection (18%) as indicators of the overall level of in-app security. Three of these apps, from countries that combined have a population of 1.4 billion, are mandatory.

Writer: Guardsquare
Publication: Guardsquare

Related learning resources