Affordable Access

deepdyve-link
Publisher Website

Dissecting contact tracing apps in the Android platform.

Authors
  • Kouliaridis, Vasileios1
  • Kambourakis, Georgios2
  • Chatzoglou, Efstratios1
  • Geneiatakis, Dimitrios3
  • Wang, Hua4
  • 1 Department of Information & Communication Systems Engineering, University of the Aegean, Karlovasi, Greece. , (Greece)
  • 2 European Commission, Joint Research Centre (JRC), Karlovasi, Italy. , (Italy)
  • 3 European Commission, Directorate-General for Informatics, Bruxelles/Brussel, Belgium. , (Belgium)
  • 4 Institute of Sustainable Industries and Liveable Cities, Victoria University, Melbourne, Australia. , (Australia)
Type
Published Article
Journal
PLoS ONE
Publisher
Public Library of Science
Publication Date
Jan 01, 2021
Volume
16
Issue
5
Identifiers
DOI: 10.1371/journal.pone.0251867
PMID: 33989350
Source
Medline
Language
English
License
Unknown

Abstract

Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk.

Report this publication

Statistics

Seen <100 times