Yesterday, a French security researcher criticised the Pakistani government's Covid-19 Gov PK mobile application for security flaws. Baptiste Robert, a French security researcher who specialises in finding smartphone apps that mishandle user data, said that there are several privacy flaws in the application developed by the National IT Board (NITB).

The Android app asks users for permission to access their mobile location data and then shows them Covid-19 patients within a radius of 30 to 300 metres. The app also lets patients mark their own location so that others can identify a positive case in their locality.

Covid-19 Gov PK App Comes Under Criticism Over Security Flaws

Robert said in his tweet that the "radius alert" app was being run without proper security measures and relied on hardcoded passwords. Hardcoding a credential means embedding the password or API key directly in the source code or the shipped app package, where anyone who downloads and decompiles the APK can read it and reuse it against the backend.

“To display the pins on the map, the app is downloading the exact longitude and latitude of sick people,” Robert said.

He further said: "By keeping hardcoded credentials, use Http or disclose personal data of infected people, the 'COVID-19 Gov PK' mobile app is a compilation of the worst security practices in mobile development."

However, in response to Robert's allegations, NITB CEO Shabahat Ali Shah said in a statement on Twitter: "The app does not show the exact coordinates of the infected people, instead it shows a radius parameter that is fixed by default at 10m for self-declared patients and 300m at a quarantine location. The self-declared patients have given their consent to reveal their coordinates for the safety of other citizens. Moreover, they have accepted our app privacy policy/terms and conditions."