Yesterday, a French security researcher criticized the Pakistani government’s Covid-19 Gov PK mobile application for security flaws. Baptiste Robert, a French security researcher who specialises in how smartphone apps abuse user data, said that there are several privacy flaws in the application developed by the National IT Board (NITB).
This Android app asks users for permission to access their mobile location data in order to show them Covid-19 patients within a radius of 30 to 300 metres. The app also lets patients mark their location in the app to help others identify a positive case in their locality.
Covid-19 Gov PK App Comes Under Criticism Over Security Flaws
Robert said in his tweet that the “radius alert” app was being run without proper security measures and relied on hardcoded passwords. Password hardcoding is the practice of embedding non-encrypted passwords in the source code.
“To display the pins on the map, the app is downloading the exact longitude and latitude of sick people,” Robert said.
He further said, “By keeping hardcoded credentials, use Http or disclose personal data of infected people, the ‘COVID-19 Gov PK’ mobile app is a compilation of the worst security practices in mobile development.”
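The exposure Robert describes comes from sending every patient's exact coordinates to the client so the map can be drawn there. The following is an added example, not code from the app or from NITB: it contrasts that response shape with a server-side radius check that returns only a yes/no alert. The function names, response fields and coordinates are constructed for illustration.

```python
import math

# Constructed sample data: (lat, lon) of reported cases, held server-side only.
CASES = [(33.6844, 73.0479), (33.6900, 73.0551), (33.7294, 73.0931)]

MIN_RADIUS_M, MAX_RADIUS_M = 30, 300   # radius range described in the article
EARTH_RADIUS_M = 6_371_000


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def leaky_response(cases=CASES):
    """Response shape criticised above: exact coordinates leave the server."""
    return {"pins": [{"lat": lat, "lon": lon} for lat, lon in cases]}


def radius_alert(user_lat, user_lon, radius_m, cases=CASES):
    """Hardened shape: the distance test runs on the server.

    The requested radius is clamped to the supported range, and the
    response carries no patient coordinates, only whether any case
    lies inside the clamped radius.
    """
    radius_m = max(MIN_RADIUS_M, min(MAX_RADIUS_M, radius_m))
    nearby = any(
        haversine_m(user_lat, user_lon, lat, lon) <= radius_m
        for lat, lon in cases
    )
    return {"radius_m": radius_m, "alert": nearby}


if __name__ == "__main__":
    print(leaky_response())                      # every exact location exposed
    print(radius_alert(33.6870, 73.0479, 300))   # only a boolean is returned
```

Such an endpoint would also need to be served over HTTPS and authenticated with per-user tokens rather than credentials embedded in the app, the other two issues raised in the tweet.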