A First Look at Contact Tracing Apps
Today's smartphones come with a large number of powerful additional devices such as a low power Bluetooth sensor, powerful embedded sensors such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and camera. These value-added sensors revolutionize many sectors of today's community including tracking, social networking, healthcare, manufacturing, and monitoring of the environment, etc. These additional embedded sensors could be used for large-scale personal, group, and community sensing applications. Governments and regulators are turning to use these features of the smartphone technology to trace the people thought to have symptoms of certain diseases or virus e.g. COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking and isolating the persons showing COVID-19 symptoms in-order to overcome the contagious disease. As the embedded sensors could disclose private information of the users thus potentially bring threat to the privacy and security of users. In this paper, we analyzed a large set of smartphone applications that have been designed by the governments to deal with the COVID-19 outbreak and bring the people back to normal life. Specifically, we analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices is transported to the analytics center, what security measures apps have deployed, and what privacy threats these features could have.
READ FULL TEXT