ABSTRACT
This is the artifact accompanying the paper "An Empirical Assessment of Global COVID-19 Contact Tracing Applications", accepted by ICSE 2021. The artifact presents the first automated security and privacy assessment tool that tests contact tracing apps for security weaknesses, malware, embedded trackers and private information leakage. COVIDGUARDIAN outperforms 4 state-of-the-practice industrial and open-source tools. Note that, Although the tool is tailored to focus on contact tracing apps, it can also be adapted to other types of apps with respect to the NLP PII learning context, e.g., by changing the source & sink list or updating the sensitive PII keywords.
ABSTRACT
The rapid spread of COVID-19 has made manual contact tracing difficult. Thus, various public health authorities have experimented with automatic contact tracing using mobile applications (or "apps"). These apps, however, have raised security and privacy concerns. In this paper, we propose an automated security and privacy assessment tool-COVIDGUARDIAN-which combines identification and analysis of Personal Identification Information (PII), static program analysis and data flow analysis, to determine security and privacy weaknesses. Furthermore, in light of our findings, we undertake a user study to investigate concerns regarding contact tracing apps. We hope that COVIDGUARDIAN, and the issues raised through responsible disdosure to vendors, can contribute to the safe deployment of mobile contact tracing. As part of this, we offer concrete guidelines, and highlight gaps between user requirements and app performance.