DeepAI AI Chat
Log In Sign Up

A Security Privacy Analysis of US-based Contact Tracing Apps

by   Joydeep Mitra, et al.
Stony Brook University

With the onset of COVID-19, governments worldwide planned to develop and deploy contact tracing (CT) apps to help speed up the contact tracing process. However, experts raised concerns about the long-term privacy and security implications of using these apps. Consequently, several proposals were made to design privacy-preserving CT apps. To this end, Google and Apple developed the Google/Apple Exposure Notification (GAEN) framework to help public health authorities develop privacy-preserving CT apps. In the United States, 26 states used the GAEN framework to develop their CT apps. In this paper, we empirically evaluate the US-based GAEN apps to determine 1) the privileges they have, 2) if the apps comply with their defined privacy policies, and 3) if they contain known vulnerabilities that can be exploited to compromise privacy. The results show that all apps violate their stated privacy policy and contain several known vulnerabilities.


page 1

page 2

page 3

page 4


Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications

The rapid spread of COVID-19 has made traditional manual contact tracing...

DIMY: Enabling Privacy-preserving Contact Tracing

The infection rate of COVID-19 and lack of an approved vaccine has force...

Mind the GAP: Security Privacy Risks of Contact Tracing Apps

Contact tracing apps running on mobile devices promise to reduce the man...

Risk score learning for COVID-19 contact tracing apps

Digital contact tracing apps for COVID-19, such as the one developed by ...

COVID-19 Contact-tracing Apps: A Survey on the Global Deployment and Challenges

In response to the coronavirus disease (COVID-19) outbreak, there is an ...

Preservation of DNA Privacy During the Large Scale Detection of COVID-19

As humanity struggles to contain the global COVID-19 pandemic, privacy c...