An Empirical Assessment of Global COVID-19 Contact Tracing Applications

This is the artifact accompanying the paper "An Empirical Assessment of Global COVID-19 Contact Tracing Applications", accepted by ICSE 2021. The artifact presents the first automated security and privacy assessment tool that tests contact tracing apps for security weaknesses, malware, embedded trackers and private information leakage. COVIDGUARDIAN outperforms 4 state-of-the-practice industrial and open-source tools. Note that, Although the tool is tailored to focus on contact tracing apps, it can also be adapted to other types of apps with respect to the NLP PII learning context, e.g., by changing the source & sink list or updating the sensitive PII keywords.

An Empirical Assessment of Global COVID-19 Contact Tracing Applications

The rapid spread of COVID-19 has made manual contact tracing difficult. Thus, various public health authorities have experimented with automatic contact tracing using mobile applications (or "apps"). These apps, however, have raised security and privacy concerns. In this paper, we propose an automated security and privacy assessment tool-COVIDGUARDIAN-which combines identification and analysis of Personal Identification Information (PII), static program analysis and data flow analysis, to determine security and privacy weaknesses. Furthermore, in light of our findings, we undertake a user study to investigate concerns regarding contact tracing apps. We hope that COVIDGUARDIAN, and the issues raised through responsible disdosure to vendors, can contribute to the safe deployment of mobile contact tracing. As part of this, we offer concrete guidelines, and highlight gaps between user requirements and app performance.

VenueTrace: A privacy-by-design COVID-19 digital contact tracing solution: Poster abstract

Rapid spread of the COVID-19 pandemic is making traditional manual contact tracing challenging;in response, digital contact tracing mobile apps have been developed by the software industry and promoted by governments and health authorities worldwide. However, deploying contact tracing apps across a population at scale have raised many privacy concerns. In this paper, we propose a venue-access-based contact tracing solution, VenueTrace, which preserves user privacy by designs by: (i) enabling the contact tracing of venue-to-user, instead of user-to-user;(ii) avoiding information exchanges between users;and (iii) ensuring no private data is exposed to back-end servers, while enabling proximity contact tracing. © 2020 Owner/Author.