Dissecting contact tracing apps in the Android platform
Contact tracing has historically been used to decelerate the spread of infectious diseases, but if it is exercised manually, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has swiftly arose as a valuable asset in the global fight against the coronavirus pandemic. The paper at hand offers an analysis of all Android contact tracing apps deployed hitherto by European countries. Each app was closely scrutinised both statically and dynamically by means of dynamic instrumentation. The results reported from static analysis include permissions, API calls, and possible connections to external URLs. Dynamic analysis on the other hand collected data pertaining to Java classes, network traffic, and intents. After defining a baseline policy regarding the permissions required by such an app under the prism of the "exposure notification" system proposed by Apple/Google, we present several key findings regarding both the aforementioned types of analysis with a focus on user privacy and personal data protection.
READ FULL TEXT