Checking Contact Tracing App Implementations

Robert Flood, Sheung Chi Chan, Wei Chen, David Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In the wake of the COVID-19 pandemic, contact tracing apps have been developed based on digital contact tracing frameworks. These allow developers to build privacy-conscious apps that detect whether an infected individual is in close-proximity with others. Given the urgency of the problem, these apps have been developed at an accelerated rate with a brief testing period. Such quick development may have led to mistakes in the apps’ implementations, resulting in problems with their functionality, privacy and security. To mitigate these concerns, we develop and apply a methodology for evaluating the functionality, privacy and security of Android apps using the Google/Apple Exposure Notification API. This is a three-pronged approach consisting of a manual analysis, general static analysis and a bespoke static analysis, using a tool we’ve developed, dubbed MonSTER. As a result, we have found that, although most apps met the basic standards outlined by Google/Apple, there are issues with th e functionality of some of these apps that could impact user safety.
Original languageEnglish
Title of host publication Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
PublisherSCITEPRESS
Pages133-144
Number of pages12
ISBN (Print)978-989-758-491-6
DOIs
Publication statusPublished - 11 Feb 2021
Event7th International Conference on Information Systems Security and Privacy - Online
Duration: 11 Feb 202113 Feb 2021
http://www.icissp.org/?y=2021

Publication series

Name
PublisherScitepress
ISSN (Electronic)2184-4356

Conference

Conference7th International Conference on Information Systems Security and Privacy
Abbreviated titleICISSP 2021
Period11/02/2113/02/21
Internet address

Keywords

  • Static Analysis
  • Covid-19
  • Contact Tracing
  • Android

Fingerprint

Dive into the research topics of 'Checking Contact Tracing App Implementations'. Together they form a unique fingerprint.

Cite this