TY - JOUR
T1 - A First Look at Privacy Analysis of COVID-19 Contact-Tracing Mobile Applications
AU - Azad, Muhammad Ajmal
AU - Arshad, Junaid
AU - Akmal, Syed Muhammad Ali
AU - Riaz, Farhan
AU - Abdullah, Sidrah
AU - Imran, Muhammad
AU - Ahmad, Farhan
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2021/11/1
Y1 - 2021/11/1
N2 - Today's smartphones are equipped with a large number of powerful value-added sensors and features, such as a low-power Bluetooth sensor, powerful embedded sensors, such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and a camera, etc. These value-added sensors have revolutionized the lives of the human being in many ways, such as tracking the health of the patients and the movement of doctors, tracking employees movement in large manufacturing units, monitoring the environment, etc. These embedded sensors could also be used for large-scale personal, group, and community sensing applications especially tracing the spread of certain diseases. Governments and regulators are turning to use these features to trace the people's thoughts to have symptoms of certain diseases or viruses, e.g., COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking, and isolating the persons showing COVID-19 symptoms to limit the spread of the disease to the larger community. The use of embedded sensors could disclose private information of the users, thus potentially bring a threat to the privacy and security of users. In this article, we analyzed a large set of smartphone applications that have been designed to contain the spread of the COVID-19 virus and bring the people back to normal life. Specifically, we have analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices are transported to the analytic center, and analyzing the security measures these apps have deployed to ensure the privacy and security of users.
AB - Today's smartphones are equipped with a large number of powerful value-added sensors and features, such as a low-power Bluetooth sensor, powerful embedded sensors, such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and a camera, etc. These value-added sensors have revolutionized the lives of the human being in many ways, such as tracking the health of the patients and the movement of doctors, tracking employees movement in large manufacturing units, monitoring the environment, etc. These embedded sensors could also be used for large-scale personal, group, and community sensing applications especially tracing the spread of certain diseases. Governments and regulators are turning to use these features to trace the people's thoughts to have symptoms of certain diseases or viruses, e.g., COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking, and isolating the persons showing COVID-19 symptoms to limit the spread of the disease to the larger community. The use of embedded sensors could disclose private information of the users, thus potentially bring a threat to the privacy and security of users. In this article, we analyzed a large set of smartphone applications that have been designed to contain the spread of the COVID-19 virus and bring the people back to normal life. Specifically, we have analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices are transported to the analytic center, and analyzing the security measures these apps have deployed to ensure the privacy and security of users.
KW - Contact-tracing applications
KW - COVID-19
KW - pandemic response
KW - privacy preservation
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85118405530&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2020.3024180
DO - 10.1109/JIOT.2020.3024180
M3 - Article
AN - SCOPUS:85118405530
VL - 8
SP - 15796
EP - 15806
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
SN - 2327-4662
IS - 21
M1 - 9199262
ER -