BACKGROUND
Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data.
OBJECTIVE
The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information.
METHODS
We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app.
RESULTS
The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call.
CONCLUSIONS
The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.
Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement
