Dissecting contact tracing apps in the Android platform

Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fi...

Descripción completa

Detalles Bibliográficos
Autores principales: Kouliaridis, Vasileios, Kambourakis, Georgios, Chatzoglou, Efstratios, Geneiatakis, Dimitrios, Wang, Hua
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2021
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8121305/
https://www.ncbi.nlm.nih.gov/pubmed/33989350
http://dx.doi.org/10.1371/journal.pone.0251867
_version_ 1783692309782593536
author Kouliaridis, Vasileios
Kambourakis, Georgios
Chatzoglou, Efstratios
Geneiatakis, Dimitrios
Wang, Hua
author_facet Kouliaridis, Vasileios
Kambourakis, Georgios
Chatzoglou, Efstratios
Geneiatakis, Dimitrios
Wang, Hua
author_sort Kouliaridis, Vasileios
collection PubMed
description Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk.
format Online
Article
Text
id pubmed-8121305
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-81213052021-05-24 Dissecting contact tracing apps in the Android platform Kouliaridis, Vasileios Kambourakis, Georgios Chatzoglou, Efstratios Geneiatakis, Dimitrios Wang, Hua PLoS One Research Article Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk. Public Library of Science 2021-05-14 /pmc/articles/PMC8121305/ /pubmed/33989350 http://dx.doi.org/10.1371/journal.pone.0251867 Text en © 2021 Kouliaridis et al https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Kouliaridis, Vasileios
Kambourakis, Georgios
Chatzoglou, Efstratios
Geneiatakis, Dimitrios
Wang, Hua
Dissecting contact tracing apps in the Android platform
title Dissecting contact tracing apps in the Android platform
title_full Dissecting contact tracing apps in the Android platform
title_fullStr Dissecting contact tracing apps in the Android platform
title_full_unstemmed Dissecting contact tracing apps in the Android platform
title_short Dissecting contact tracing apps in the Android platform
title_sort dissecting contact tracing apps in the android platform
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8121305/
https://www.ncbi.nlm.nih.gov/pubmed/33989350
http://dx.doi.org/10.1371/journal.pone.0251867
work_keys_str_mv AT kouliaridisvasileios dissectingcontacttracingappsintheandroidplatform
AT kambourakisgeorgios dissectingcontacttracingappsintheandroidplatform
AT chatzoglouefstratios dissectingcontacttracingappsintheandroidplatform
AT geneiatakisdimitrios dissectingcontacttracingappsintheandroidplatform
AT wanghua dissectingcontacttracingappsintheandroidplatform

Ejemplares similares