Dissecting contact tracing apps in the Android platform

Kouliaridis, Vasileios; Kambourakis, Georgios; Chatzoglou, Efstratios; Geneiatakis, Dimitris; Wang, Hua

doi:10.1371/journal.pone.0251867

Cited by 20 publications

(21 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For ensuring the reproducibility of the results, we used the free-to-use "community" edition of the tool. It is to be noted that Ostorlab has been utilized in the context of analogous vulnerability analysis researches, including the ones in [7,8,13,14].…”

Section: Low-level Static Analysismentioning

confidence: 99%

See 1 more Smart Citation

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Chatzoglou

Kambourakis

Smiliotopoulos

2022

Sensors

Self Cite

View full text Add to dashboard Cite

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.

show abstract

Section: Low-level Static Analysismentioning

confidence: 99%

“…For both the analysis phases, when searching for weaknesses and vulnerabilities, we followed the methodology set out in the OWASP mobile security testing guide [3]. Actually, more or less the same methodology have been followed by [4] regarding static analysis, [5,6] regarding dynamic analysis, and [7,8] for both types of analysis.…”

mentioning

confidence: 99%

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Chatzoglou

Kambourakis

Smiliotopoulos

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Main features included in their analysis were usability, functionality, design, user perception, information and content and ethical issues. The work presented by Kouliaridis et al [4] is focused on twenty six (26) mobile apps collected from different European countries from Google play store. They performed both static and dynamic analyses of mobile apps by studying the permission, access level, weakness, misconfiguration, vulnerabilities and privacy issues.…”

Section: Related Workmentioning

confidence: 99%

Designing evaluation framework for the empirical assessment of COVID-19 mobile apps in Pakistan

Ali

Khan

2022

Computers and Electrical Engineering

View full text Add to dashboard Cite

“…With reference to the previous section and Table 3, eighteen countries are omitted because they currently do not offer such apps. For the interested reader, an analogous analysis but for official contact tracing apps available in European countries has been contributed by [9].…”

Section: App Analysismentioning

confidence: 99%

“…Moreover, the authors in [8] examined COVID-19 entirely from the Internet of Things (IoT) prism. On the other hand, the work in [9] provided a holistic security and privacy assessment of the official Android contact tracing apps supported by European countries, leaving out apps destined for COVID-19 digital certificates. To our knowledge, the most relevant work to ours is that in [10].…”

Section: Introductionmentioning

confidence: 99%

A Survey on Digital Certificates Approaches for the COVID-19 Pandemic

et al. 2021

Self Cite

View full text Add to dashboard Cite

Digital COVID-19 certificates serve as reliable proof that an individual was vaccinated, tested negative, or healed from COVID-19, facilitating health, occupational, educational, and travel activities during the pandemic. This paper contributes the first to our knowledge state-of-the-art and holistic review of this ecosystem, attempting to answer the following questions: (i) is there a harmonization among academia, organizations, and governments in terms of the certificate deployment technology?, (ii) what is the proliferation of such schemes worldwide and how similar are they?, and (iii) are smartphone applications that accompany such schemes privacy-preserving from an end-user's perspective? To respond to these questions, a four-tier approach is followed: (a) we scrutinize the so far academic works suggesting some type of digital certificate, highlighting common characteristics and weaknesses; (b) we constructively report on the different initiatives proposed by organizations or alliances; (c) we briefly review 54 country initiatives around the globe; and (d) we analyze both statically and dynamically all official Android smartphone applications offered for such certificates to reveal possible hiccups affecting the security or privacy of the end-user. From a bird's eye view, the great majority of the proposed or developed schemes follow either the blockchain model or the asymmetric cryptosystem, the spread of schemes especially in Europe and partly in Asia is high, some degree of distinctiveness among the relevant schemes developed by countries does exist, and there are substantial variations regarding the privacy level of the applications between Europe on the one hand and Asia and America on the other.

show abstract

Dissecting contact tracing apps in the Android platform

Cited by 20 publications

References 15 publications

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Designing evaluation framework for the empirical assessment of COVID-19 mobile apps in Pakistan

A Survey on Digital Certificates Approaches for the COVID-19 Pandemic

Contact Info

Product

Resources

About