TousAntiCovid, the government’s Covid-19 tracking app, has been accused of putting the privacy of its users at risk. According to three computer security researchers, the statistics collection system launched in June, without user consent, poses a series of problems for the privacy and anonymity of the French.
In June, TousAntiCovid was updated with a new system for collecting statistics. This system aims to evaluate the effectiveness of the application by obtaining anonymous data. According to a team of researchers, “Collecting statistics goes against the principle of data minimization and puts security and privacy protections at risk.”
In fact, the system as implemented turned out to be particularly greedy for personal data. “Stats includes a very detailed event log, recording most actions taken by the user, with an accurate timestamp,” the experts lament after analyzing the application code. This data is collected every 12 hours.
TousAntiCovid poses a risk to privacy and anonymity
By combining the data obtained through the different protocols the app implements, namely ROBERT and Cléa, it is possible to draw a picture of users’ habits. “If Alice and Bob had lunch together all week, their logs would contain nearly simultaneous events, and the server could notice a correlation between their data,” Gaetan Laurent, one of the researchers behind the investigation, explains on his Twitter account.
Ultimately, the data could theoretically be used to build a “social graph” of the social interactions between users. Concretely, it is possible to determine that a TousAntiCovid user has gone for a drink, or eaten in a restaurant, with another user. By cross-referencing other collected data, a user’s identity quickly becomes compromised.
This vulnerability is caused by the use of different security protocols that are not supposed to communicate with each other. Bluetooth tracking data can be linked to app statistics, notes the report prepared by the researchers. The flaw was also widened by the addition of a function for storing and displaying health passes. In fact, this document is “nominal” (it bears the holder’s name), the report states.
“These issues are directly related to the design choices of the TousAntiCovid application, in particular the choice to place different systems in the same application which should be independent,” the report concludes. To stop the risk of data breaches, the researchers advise, in particular, reducing the accuracy of timestamp information.
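The correlation the researchers describe, and the effect of their advice to reduce timestamp accuracy, shown as an added example that is not taken from the report or from the application's code. The pseudonyms, event times, 30-second matching window and function names are all constructed for illustration.

```python
DAY, HOUR, MINUTE = 86_400, 3_600, 60

def lunch_log(hour, minute, second, days=5):
    """Constructed sample: one logged event per day at the same clock time."""
    return [d * DAY + hour * HOUR + minute * MINUTE + second for d in range(days)]

# Constructed pseudonymous logs (seconds since an arbitrary start).
# Alice and Bob eat together; Carol and Dave eat elsewhere in the same hour.
LOGS = {
    "alice": lunch_log(12, 30, 4),
    "bob":   lunch_log(12, 30, 9),
    "carol": lunch_log(12, 10, 40),
    "dave":  lunch_log(12, 48, 15),
}

def coarsen(log, granularity):
    """Mitigation: truncate each timestamp to the start of its bucket."""
    return [t - t % granularity for t in log]

def with_granularity(logs, granularity):
    """Apply the same truncation to every user's log before upload."""
    return {name: coarsen(log, granularity) for name, log in logs.items()}

def co_occurrences(log_a, log_b, window):
    """Events in log_a that have an event in log_b within `window` seconds."""
    return sum(any(abs(a - b) <= window for b in log_b) for a in log_a)

def linkable_to(logs, target, window=30, min_hits=5):
    """Pseudonyms whose events line up with `target` at least `min_hits` times."""
    return sorted(
        name for name, log in logs.items()
        if name != target
        and co_occurrences(logs[target], log, window) >= min_hits
    )

if __name__ == "__main__":
    # Second precision: only the real lunch partner matches all five days.
    print("seconds:", linkable_to(LOGS, "alice"))
    # Minute buckets are still too fine to hide the pair.
    print("minutes:", linkable_to(with_granularity(LOGS, MINUTE), "alice", window=0))
    # Hour buckets: the partner is hidden among everyone active that hour.
    print("hours:  ", linkable_to(with_granularity(LOGS, HOUR), "alice", window=0))
```

Coarsening does not remove the matches; it makes the real pair indistinguishable from every other user whose events fall in the same bucket, so the protection depends on how many such users there are.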