Tracing or Tracking? A Preliminary Analysis of COVID-19 Outbreak Tracker Apps on Android and User Privacy (Preprint)

2020 ◽  
Author(s):  
Alex Akinbi ◽  
Ehizojie Ojie
Keyword(s):  
Preliminary Analysis ◽  
Service Providers ◽  
User Participation ◽  
Memory Storage ◽  
Phone Call ◽  
Contact Tracing ◽  
Privacy Rights ◽  
User Privacy ◽  
Android Apps ◽  
User Data

BACKGROUND Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data. OBJECTIVE The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information. METHODS We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app. RESULTS The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call. CONCLUSIONS The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.

scholarly journals Evaluating the trade-off between privacy, public health safety, and digital security in a pandemic

Data & Policy ◽  
2021 ◽  
Vol 3 ◽  
Author(s):  
Titi Akinsanmi ◽  
Aishat Salami
Keyword(s):  
Health Sector ◽  
Personal Health Information ◽  
Contact Tracing ◽  
Privacy Rights ◽  
User Privacy ◽  
Trade Off ◽  
Accountability Measures ◽  
Knowing That ◽  
User Data ◽  
And Control

Abstract COVID-19 has impacted all aspects of everyday normalcy globally. During the height of the pandemic, people shared their (PI) with one goal—to protect themselves from contracting an “unknown and rapidly mutating” virus. The technologies (from applications based on mobile devices to online platforms) collect (with or without informed consent) large amounts of PI including location, travel, and personal health information. These were deployed to monitor, track, and control the spread of the virus. However, many of these measures encouraged the trade-off on privacy for safety. In this paper, we reexamine the nature of privacy through the lens of safety focused on the health sector, digital security, and what constitutes an infraction or otherwise of the privacy rights of individuals in a pandemic as experienced in the past 18 months. This paper makes a case for maintaining a balance between the benefit, which the contact tracing apps offer in the containment of COVID-19 with the need to ensure end-user privacy and data security. Specifically, it strengthens the case for designing with transparency and accountability measures and safeguards in place as critical to protecting the privacy and digital security of users—in the use, collection, and retention of user data. We recommend oversight measures to ensure compliance with the principles of lawful processing, knowing that these, among others, would ensure the integration of privacy by design principles even in unforeseen crises like an ongoing pandemic; entrench public trust and acceptance, and protect the digital security of people.

scholarly journals Contact tracing apps for COVID-19 pandemic: Challenges and potential

2020 ◽  
Author(s):  
Alex Akinbi ◽  
Mark Forshaw ◽  
Victoria Blinkhorn
Keyword(s):  
Public Health ◽  
Ethical Issues ◽  
User Behavior ◽  
Contact Tracing ◽  
Privacy Rights ◽  
User Privacy ◽  
Health Crisis ◽  
Liberal Societies ◽  
Public Health Authorities ◽  
User Data

The COVID-19 pandemic has spread with increased fatalities around the world and has become an international public health crisis. Public health authorities in many countries have introduced contact tracing apps to track and trace infected persons as part of measures to contain the spread of the Severe Acute Respiratory Syndrome-Coronavirus 2 (SARS-CoV-2). However, there are major concerns about its efficacy and privacy with affects mass acceptance amongst a population. This review encompasses the current challenges facing this technology in the fight against the COVID-19 pandemic in neo-liberal societies. We explore and discuss the plausibility for abuse of user privacy rights as such apps collect private user data and can be repurposed by governments for surveillance on their citizens. Other challenges identified and discussed include ethical issues, security vulnerabilities, user behavior and participation, and technical constraints. Finally, in the analysis of this review, recommendations to address these challenges and considerations in the use of less invasive digital contact tracing technologies for future pandemics are presented. For policy makers in neo-liberal societies, this study provides an in-depth review of issues that must be addressed, highlights recommendations to improve the efficacy of such apps, and could facilitate mass acceptance amongst users.

scholarly journals Analisis privasi data pengguna contact tracing application pengendalian COVID-19 di Indonesia berdasarkan PERPRES RI No. 95 tahun 2018 tentang sistem pemerintahan berbasis elektronik

Teknologi ◽  
2021 ◽  
Vol 11 (1) ◽  
pp. 46-58
Author(s):  
Syifa Ilma Nabila Suwandi ◽  
◽  
Xavier Wahyuadi Seloatmodjo ◽  
Alexandra Situmorang ◽  
Nur Aini Rakhmawati ◽  
...  
Keyword(s):  
Data Privacy ◽  
Continuous System ◽  
Contact Tracing ◽  
Privacy Policy ◽  
User Privacy ◽  
Literature Study ◽  
Privacy Policies ◽  
Three Samples ◽  
User Data ◽  
The Republic

The presence of user contact applications in the community as a means of preventing and overcoming the spread of COVID-19 can pose another risk to the potential dangers of protecting data privacy from contact tracing. This research examines more deeply related to user privacy policies through 3 (three) samples of android-based user contact applications that are used as a means of preventing, overcoming and controlling the spread of the COVID-19 virus in today's society and by reviewing the rules contained in the Presidential Regulation of the Republic. Indonesian No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE). The study in this study was prepared using the method of literature study, observation and qualitative analysis. A comparison was made regarding the data privacy of the three samples, which was then evaluated and matched with the form of the privacy policy according to Presidential Regulation No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE) and according to the ideal form of data privacy policy based on several experts. Comparative data is obtained through related applications and other electronic media which are then discussed together to conclude and evaluate the data privacy policies of the three sample applications. Based on this research, it can be concluded that privacy intervention to deal with damage and save lives is legal as long as its use is in accordance with regulations in the health, disaster, telecommunications, informatics and other related fields; in this case listed in the Presidential Decree No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE) and there needs to be an increase in efforts to maintain the security and confidentiality of user data privacy through continuous system and data maintenance, encryption of data privacy storage in the manager's data warehouse and added with other data privacy policies can guarantee the security and confidentiality of the privacy of user data.

scholarly journals A Reputation-Based Identity Management Model for Cloud Computing

2015 ◽  
Vol 2015 ◽  
pp. 1-15 ◽  
Author(s):  
Lifa Wu ◽  
Shengli Zhou ◽  
Zhenji Zhou ◽  
Zheng Hong ◽  
Kangyu Huang
Keyword(s):  
Cloud Computing ◽  
Identity Management ◽  
Service Providers ◽  
Cloud Service ◽  
Cloud Services ◽  
Management Model ◽  
User Privacy ◽  
Cloud Providers ◽  
User Data ◽  
User Reputation

In the field of cloud computing, most research on identity management has concentrated on protecting user data. However, users typically leave a trail when they access cloud services, and the resulting user traceability can potentially lead to the leakage of sensitive user information. Meanwhile, malicious users can do harm to cloud providers through the use of pseudonyms. To solve these problems, we introduce a reputation mechanism and design a reputation-based identity management model for cloud computing. In the model, pseudonyms are generated based on a reputation signature so as to guarantee the untraceability of pseudonyms, and a mechanism that calculates user reputation is proposed, which helps cloud service providers to identify malicious users. Analysis verifies that the model can ensure that users access cloud services anonymously and that cloud providers assess the credibility of users effectively without violating user privacy.

scholarly journals PRIVACY IN ADVANCED CRYPTOGRAPHIC PROTOCOLS: PROTOTYPICAL EXAMPLES

2021 ◽  
Vol 37 (4) ◽  
pp. 429-451
Author(s):  
Phan Duong Hieu ◽  
Moti Yung
Keyword(s):  
Big Data ◽  
Privacy Protection ◽  
Personal Information ◽  
Cryptographic Protocols ◽  
Cloud Services ◽  
Contact Tracing ◽  
Learning Tools ◽  
User Privacy ◽  
User Data ◽  
The Right

Cryptography is the fundamental cornerstone of cybersecurity employed for achieving data confidentiality, integrity, and authenticity. However, when cryptographic protocols are deployed for emerging applications such as cloud services or big data, the demand for security grows beyond these basic requirements. Data nowadays are being extensively stored in the cloud, users also need to trust the cloud servers/authorities that run powerful applications. Collecting user data, combined with powerful machine learning tools, can come with a huge risk of mass surveillance or undesirable data-driven strategies for making profits rather than for serving the user. Privacy, therefore, becomes more and more important, and new techniques should be developed to protect personal information and to reduce trust requirements on the authorities or the Big Tech providers. In a general sense, privacy is ``the right to be left alone'' and privacy protection allows individuals to have control over how their personal information is collected and used. In this survey, we discuss the privacy protection methods of various cryptographic protocols, in particular we review: - Privacy in electronic voting systems. This may be, perhaps, the most important real-world application where privacy plays a fundamental role. %classical authentication with group, ring signatures, anonymous credentials. - Private computation. This may be the widest domain in the new era of modern technologies with cloud computing and big data, where users delegate the storage of their data and the computation to the cloud. In such a situation, ``how can we preserve privacy?'' is one of the most important questions in cryptography nowadays. - Privacy in contact tracing. This is a typical example of a concrete study on a contemporary scenario where one should deal with the unexpected social problem but needs not pay the cost of weakening the privacy of users. Finally, we will discuss some notions which aim at reinforcing privacy by masking the type of protocol that we execute, we call it the covert cryptographic primitives and protocols.

scholarly journals 32.K. Skills building seminar: Using participatory health research to optimise psycho-oncological patient information material

2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
◽  
Keyword(s):  
Patient Information ◽  
Health Research ◽  
Service Providers ◽  
Complex Interventions ◽  
User Participation ◽  
End Users ◽  
Vulnerable Groups ◽  
Participatory Health Research ◽  
Practical Instrument

Abstract Patient information material (PIM) is omnipresent in healthcare. It is used to convey information or to familiarize potential end-users to offers of support. PIM recaps or elaborates on relevant information and offers recommendation for action. However, the quality of available PIM varies. When the formal and content-related quality of PIM is suboptimal, it not only fails to be effective but can also lead to uncertainty, misunderstandings, resistance or ignorance (e.g. of a support offer). Highly complex information requires much attention on the quality of the PIM, especially with respect to end-users (e.g. vulnerable groups). Excellent communication through the use of PIM is thus essential within complex interventions. Checklists, such as 'Discern' or 'PEMAT', as well as criteria catalogues or evidence-based patient information standards, may assist in the development, quality assessment and optimization of PIM. The inclusion of the end-users is recommended but for various reasons does not often take place. The innovative “integrated, cross-sectional Psycho-Oncology” (isPO) programme, offers needs-driven, professional support to all adult, newly diagnosed cancer patients early in their sickness trajectory. IsPO was developed in 2018. It was implemented and a formative evaluated in 2019. When developing this programme, different PIM were created top-down by the programme designers. During implementation, it became evident that these PIM materials required further improvement. A testing and optimization process started using the participatory health research (PHR) approach and was completed in a five-month period. A PIM-optimisation team was founded, which included the project partners involved in the network support, self-help organisations and the external evaluation institute. A practical instrument (PIM-checklist) for optimising the isPO-PIM was designed, piloted and used for testing by end-users, isPO service providers, and experts. Based on the recommendations in the checklist, the material was revised accordingly. Additionally, the PIM was completed with the design of two new components. Four optimisation rounds were conducted. The optimized PIM was tested on its comprehensibility (for end-users) and its usability (for service providers). During the presentations, the audience is invited to comment on critical questions that may appear during optimization (e.g. timing). Afterwards, there will be a skill building part with a focus on collaborative learning (45 minutes). First, we will focus on the requirements for a practical instrument that is handy for end-users, service providers and experts (mind mapping exercise). Finally, participants will be able to explore the following topics “World Café” discussion: (1) how to plan, conduct and communicate the development of optimization of PIM in a CI program, (2) what needs to be considered for the optimization (e.g. team composition, resources), and (3) how to continuously achieve end-userś participation. Key messages Excellent PIM are essential for a complex interventiońs success in practice and must include information and foster actionability. the iterative PIM design processes benefits from high user participation.

scholarly journals A first look at Android applications in Google Play related to COVID-19

2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Jordan Samhi ◽  
Kevin Allix ◽  
Tegawendé F. Bissyandé ◽  
Jacques Klein
Keyword(s):  
Mobile Apps ◽  
Contact Tracing ◽  
Location Tracking ◽  
Response Effort ◽  
Sensitive Data ◽  
Android Apps ◽  
Digital World ◽  
Public Health Organizations ◽  
Android Applications ◽  
Google Play

AbstractDue to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the COVID-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the COVID-19, with dedicated apps released as early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.

scholarly journals Prepaid Mobile Phone Service and the Anonymous Caller: Considering Wireless E9-1-1 in Canada.

2002 ◽  
Vol 1 (4) ◽  
Author(s):  
Gordon A. Gow ◽  
Mark Ihnat
Keyword(s):  
Mobile Phone ◽  
Emergency Service ◽  
Emergency Services ◽  
Service Providers ◽  
Privacy Rights ◽  
Privacy Concerns ◽  
Wireless Service ◽  
Commercial Networks ◽  
Phone Service ◽  
The Right

This paper reports on a recently concluded empirical study into the development of Wireless E9-1-1 (emergency service) in Canada that initially focussed on privacy concerns raised in the context of an emerging location based service (LBS) for mobile phone users. In light of existing regulatory arrangements this paper concludes that in Canada the emerging Wireless E9-1-1 system establishes a reasonable level of protection for the privacy rights of mobile phone users who choose to contact emergency services. However, an important and surprising issue was raised in the proceedings regarding the obligation of wireless service providers offering prepaid mobile phone service to obtain verifiable subscriber records from their customers. This paper provides details regarding the issue and contributes a number of points to an emerging debate concerning the right to anonymity for customers who elect to use prepaid or other services provided over commercial networks.

scholarly journals The Smart Triad : Big Data Analytics , Cloud Computing and Internet of Things to shape the Smart Home, Smart City, Smart Business & Smart Country

2019 ◽  
Vol 8 (2S11) ◽  
pp. 3594-3600 ◽  
Keyword(s):  
Cloud Computing ◽  
Big Data ◽  
Internet Of Things ◽  
Data Analytics ◽  
Smart Home ◽  
Service Providers ◽  
Irrigation System ◽  
Electronic Devices ◽  
Big Data Analytics ◽  
User Privacy

Big data analytics, cloud computing & internet of things are a smart triad which have started shaping our future towards smart home, city, business, country. Internet of things is a convergence of intelligent networks, electronic devices, and cloud computing. The source of big data at different connected electronic devices is stored on cloud server for analytics. Cloud provides the readymade infrastructure, remote processing power to consumers of internet of things. Cloud computing also gives device manufacturers and service providers access to ―advanced analytics and monitoring‖, ―communication between services and devices‖, ―user privacy and security‖. This paper, presents an overview of internet of things, role of cloud computing & big data analytics towards IoT. In this paper IoT enabled automatic irrigation system is proposed that saves data over ―ThingSpeak‖ database an IoT analytics platform through ESP8266 wifi module. This paper also summarizes the application areas and discusses the challenges of IoT.

Sign in / Sign up

Export Citation Format

Share Document