Most Government-Sponsored COVID-19 Contact Tracing Apps Are Insecure and Risk Exposing Users’ Privacy and Data
(mi pare non sia passato in lista) https://www.guardsquare.com/en/blog/report-proliferation-covid-19-contact-tr... ... We assessed 17 Android mobile contact tracing apps from 17 different countries. All of these apps were built by government entities (though some have used third-party contractors, which we’ll cover later). ... Each of the categories analyzed below presents risk for mobile app security, including user location data and other information with privacy concerns attached. Without adequate protection, these apps could be tampered with or even copied and turned into “fake apps,” allowing malicious actors to trick citizens into downloading unapproved versions and giving away sensitive information. ... it’s clear that the vast majority of contact tracing apps built and deployed by governments are not sufficiently secured. They are easy for hackers to decompile, attack, and even create fake clones, and are likely to lead to security breaches if they have not already. -- EN ===================================================================== Prof. Enrico Nardelli Dipartimento di Matematica - Universita' di Roma "Tor Vergata" Via della Ricerca Scientifica snc - 00133 Roma tel: +39 06 7259.4204 fax: +39 06 7259.4699 mobile: +39 335 590.2331 e-mail: nardelli@mat.uniroma2.it home page: http://www.mat.uniroma2.it/~nardelli blog: http://www.ilfattoquotidiano.it/blog/enardelli/ http://link-and-think.blogspot.it/ ===================================================================== --
On Tue, Jun 23, 2020 at 02:09:33PM +0200, Enrico Nardelli wrote:
https://www.guardsquare.com/en/blog/report-proliferation-covid-19-contact-tr... ... We assessed 17 Android mobile contact tracing apps from 17 different countries.
Hai trovato una lista dei paesi in questione? L'articolo non lo dice e gli unici link che ci trovo sono link pubblicitari a loro servizi per "aiutare" i paesi in questione a rendere più sicure le app. Per carità, non dubito un secondo che molte app siano bucate come dei colabrodi, ma la forma di questi "report" commerciali mi infastidisce sempre. Ciao -- Stefano Zacchiroli . zack@upsilon.cc . upsilon.cc/zack . . o . . . o . o Computer Science Professor . CTO Software Heritage . . . . . o . . . o o Former Debian Project Leader & OSI Board Director . . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
No, mi spiace non ho approfondito la notizia... Il 23/06/2020 14:24, Stefano Zacchiroli ha scritto:
On Tue, Jun 23, 2020 at 02:09:33PM +0200, Enrico Nardelli wrote:
https://www.guardsquare.com/en/blog/report-proliferation-covid-19-contact-tr... ... We assessed 17 Android mobile contact tracing apps from 17 different countries.
Hai trovato una lista dei paesi in questione? L'articolo non lo dice e gli unici link che ci trovo sono link pubblicitari a loro servizi per "aiutare" i paesi in questione a rendere più sicure le app. Per carità, non dubito un secondo che molte app siano bucate come dei colabrodi, ma la forma di questi "report" commerciali mi infastidisce sempre.
Ciao
-- EN ===================================================================== Prof. Enrico Nardelli Dipartimento di Matematica - Universita' di Roma "Tor Vergata" Via della Ricerca Scientifica snc - 00133 Roma tel: +39 06 7259.4204 fax: +39 06 7259.4699 mobile: +39 335 590.2331 e-mail: nardelli@mat.uniroma2.it home page: http://www.mat.uniroma2.it/~nardelli blog: http://www.ilfattoquotidiano.it/blog/enardelli/ http://link-and-think.blogspot.it/ ===================================================================== --
participants (2)
-
Enrico Nardelli -
Stefano Zacchiroli