Cargando…
Checking Contact Tracing App Implementations with Bespoke Static Analysis
In the wake of the COVID-19 pandemic, contact tracing apps have been developed based on digital contact tracing frameworks. These allow developers to build privacy-conscious apps that detect whether an infected individual is in close proximity with others. Given the urgency of the problem, these app...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer Nature Singapore
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9517973/ https://www.ncbi.nlm.nih.gov/pubmed/36193263 http://dx.doi.org/10.1007/s42979-022-01357-w |
| _version_ | 1784799070762565632 |
|---|---|
| author | Flood, Robert Chan, Sheung Chi Chen, Wei Aspinall, David |
| author_facet | Flood, Robert Chan, Sheung Chi Chen, Wei Aspinall, David |
| author_sort | Flood, Robert |
| collection | PubMed |
| description | In the wake of the COVID-19 pandemic, contact tracing apps have been developed based on digital contact tracing frameworks. These allow developers to build privacy-conscious apps that detect whether an infected individual is in close proximity with others. Given the urgency of the problem, these apps have been developed at an accelerated rate with a brief testing period. Such quick development may have led to mistakes in the apps’ implementations, resulting in problems with their functionality, privacy and security. To mitigate these concerns, we develop and apply a methodology for evaluating the functionality, privacy and security of Android apps using the Google/Apple Exposure Notification API. This is a three-pronged approach consisting of a manual analysis, general static analysis and a bespoke static analysis, using a tool we have developed, dubbed MonSTER. As a result, we have found that, although most apps met the basic standards outlined by Google/Apple, there are issues with the functionality of some of these apps that could impact user safety. |
| format | Online Article Text |
| id | pubmed-9517973 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | Springer Nature Singapore |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-95179732022-09-29 Checking Contact Tracing App Implementations with Bespoke Static Analysis Flood, Robert Chan, Sheung Chi Chen, Wei Aspinall, David SN Comput Sci Original Research In the wake of the COVID-19 pandemic, contact tracing apps have been developed based on digital contact tracing frameworks. These allow developers to build privacy-conscious apps that detect whether an infected individual is in close proximity with others. Given the urgency of the problem, these apps have been developed at an accelerated rate with a brief testing period. Such quick development may have led to mistakes in the apps’ implementations, resulting in problems with their functionality, privacy and security. To mitigate these concerns, we develop and apply a methodology for evaluating the functionality, privacy and security of Android apps using the Google/Apple Exposure Notification API. This is a three-pronged approach consisting of a manual analysis, general static analysis and a bespoke static analysis, using a tool we have developed, dubbed MonSTER. As a result, we have found that, although most apps met the basic standards outlined by Google/Apple, there are issues with the functionality of some of these apps that could impact user safety. Springer Nature Singapore 2022-09-28 2022 /pmc/articles/PMC9517973/ /pubmed/36193263 http://dx.doi.org/10.1007/s42979-022-01357-w Text en © The Author(s) 2022 https://creativecommons.org/licenses/by/4.0/Open AccessThis article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) . |
| spellingShingle | Original Research Flood, Robert Chan, Sheung Chi Chen, Wei Aspinall, David Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title | Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title_full | Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title_fullStr | Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title_full_unstemmed | Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title_short | Checking Contact Tracing App Implementations with Bespoke Static Analysis |
| title_sort | checking contact tracing app implementations with bespoke static analysis |
| topic | Original Research |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9517973/ https://www.ncbi.nlm.nih.gov/pubmed/36193263 http://dx.doi.org/10.1007/s42979-022-01357-w |
| work_keys_str_mv | AT floodrobert checkingcontacttracingappimplementationswithbespokestaticanalysis AT chansheungchi checkingcontacttracingappimplementationswithbespokestaticanalysis AT chenwei checkingcontacttracingappimplementationswithbespokestaticanalysis AT aspinalldavid checkingcontacttracingappimplementationswithbespokestaticanalysis |