Staff Reporter
The government on Wednesday rejected reports that its newly released app, Covid-19 Gov PK, contained security flaws and bugs, after a French security researcher said in a social media thread that it had several issues, including privacy concerns.
A press release by the National Information Technology Board (NITB) said the issues put forward by a French researcher were incorrect.
“The purpose of the app is to stop the epidemic spread. A very limited personal information of the user is collected. The app does not show the exact coordinates of the infected people, instead, it shows the radius parameter that is fixed by default at 10 meters for self-declared patients and 300 meters at a quarantine location. Hence, self-declared patients have given their consent to reveal their coordinates for the safety of other citizens. Moreover, they have accepted our app privacy policy/terms and conditions,” it said.
It added, “No user login mechanism is present in the app. Therefore, the use of login and passwords are not part of app workflow. The screenshot mentioning the hardcoded password is the defined keyword to give more security to auto-token endpoint, so that endpoint can only be used from mobile apps.”
“All our API’s communicate using HTTPS. Hence, security and protection of data of users as per international standards is of prime importance and implemented at the core,” it added.
Security flaws in app
In a thread on Twitter, a French security researcher who goes by the name Elliot Alderson (also a television character who is a cybersecurity engineer in the hit TV show ‘Mr Robot’) said on Tuesday that he had “analysed” the app and found several serious deficiencies in it.
“Yesterday night, I analysed ‘Covid-19 Gov PK’ the official #Covid19 mobile app made by the Pakistani government. Hardcoded passwords, insecure connections, privacy issues, … nothing is ok with this app,” he wrote.
The app is “made by the Ministry of IT and Telecom with National Information Technology Board, is available on the PlayStore and has been downloaded more than 500,000 times”, noted Alderson.
It was released on March 27, according to the Google Play Store.
According to Alderson, the app is not a contact tracing app and lets a user view dashboards for each province and state.
“You can do a self-assessment, get radius alert, get a popup notification reminding the user of their personal hygiene,” he wrote, as he described his user experience.