Detection of SQLite Database Vulnerabilities in Android Apps

Collaboration in research is essential for saving time and money. The field of high-energy physics (HEP) is no different. The higher level of collaboration the stronger the community. The HEP field encourages organizing various events in format and size such as meetings, workshops and conferences. Making attending a HEP event easier leverages cooperation and dialogue and this is what makes Indico service defacto a community standard. The paper describes HEPCon, a cross-platform mobile application which collects all information available on Indico and makes it available on a portable device. It keeps most of the data locally which speeds up the interaction. HEP-Con uses a shared code base which allows easy multiplatform development and support. There are iOS and Android implementations available for free download. The project is based on C# and we use the Xamarin mobile app technology for building native iOS and Android apps. SQLite database is responsible for retrieving and storing conference data. The app can be used to preview data from past CHEP conferences but the tool is implemented generic enough to support other Indico events.

Download Full-text

Tracing or Tracking? A Preliminary Analysis of COVID-19 Outbreak Tracker Apps on Android and User Privacy (Preprint)

10.2196/preprints.19662 ◽

2020 ◽

Author(s):

Alex Akinbi ◽

Ehizojie Ojie

Keyword(s):

Preliminary Analysis ◽

Service Providers ◽

User Participation ◽

Memory Storage ◽

Phone Call ◽

Contact Tracing ◽

Privacy Rights ◽

User Privacy ◽

Android Apps ◽

User Data

BACKGROUND Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data. OBJECTIVE The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information. METHODS We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app. RESULTS The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call. CONCLUSIONS The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.

Download Full-text