Dissecting contact tracing apps in the Android platform

Vasileios Kouliaridis, Georgios Kambourakis, Efstratios Chatzoglou, Dimitris Geneiatakis, Hua Wang

Type: Article

Publication Date: 2021-05-14

Citations: 26

DOI: https://doi.org/10.1371/journal.pone.0251867

Abstract

Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk.

Locations

PLoS ONE - View - PDF
PubMed Central - View
arXiv (Cornell University) - View - PDF
DOAJ (DOAJ: Directory of Open Access Journals) - View
DataCite API - View

Similar Works

Action	Title	Year	Authors
+	An Empirical Assessment of Global COVID-19 Contact Tracing Applications	2020	Ruoxi Sun Wei Wang Minhui Xue Gareth Tyson Seyit Camtepe Damith C. Ranasinghe
+	An Empirical Assessment of Global COVID-19 Contact Tracing Applications	2021	Ruoxi Sun Wei Wang Minhui Xue Gareth Tyson Seyit Camtepe Damith C. Ranasinghe
+	A First Look at Android Applications in Google Play related to Covid-19	2020	Jordan Samhi Kevin Allix Tegawendé F. Bissyandé Jacques Klein
+	A First Look at Android Applications in Google Play related to Covid-19	2020	Jordan Samhi Kevin Allix Tegawendé F. Bissyandé Jacques Klein
+ PDF Chat	A Survey of COVID-19 Contact Tracing Apps	2020	Nadeem Ahmed Regio A. Michelin Wanli Xue Sushmita Ruj Robert Malaney Salil S. Kanhere Aruna Seneviratne Wen Hu Helge Janicke Sanjay Jha
+	A Security & Privacy Analysis of US-based Contact Tracing Apps	2022	Joydeep Mitra
+	Contact Tracing: Beyond the Apps	2020	Mohamed F. Mokbel Sofiane Abbar Rade Stanojević
+ PDF Chat	Same App, Different Behaviors: Uncovering Device-specific Behaviors in Android Apps	2024	Zikan Dong Yanjie Zhao Tianming Liu Chao Wang Guosheng Xu Guoai Xu Lin Zhang Haoyu Wang
+ PDF Chat	Do Android taint analysis tools keep their promises?	2018	Felix Pauck Eric Bodden Heike Wehrheim
+	KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications	2021	Fadi Mohsen Loran Oosterhaven Fatih Türkmen
+	KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications	2021	Fadi Mohsen Loran Oosterhaven Fatih Türkmen
+ PDF Chat	KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications	2021	Fadi Mohsen Loran Oosterhaven Fatih Türkmen
+	MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs	2016	Jagdish Prasad Achara Vincent Roca Claude Castelluccia Aurélien Francillon
+ PDF Chat	MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs	2016	Jagdish Prasad Achara Vincent Roca Claude Castelluccia Aurélien Francillon
+	Finding Vulnerabilities in Mobile Application APIs: A Modular Programmatic Approach	2023	Nate Haris K. Chen Ann Song Benjamin Pou
+	The Fallibility of Contact-Tracing Apps	2020	Piotr Sapieżyński J Pruessing Sekara
+ PDF Chat	Analyzing Use of High Privileges on Android: An Empirical Case Study of Screenshot and Screen Recording Applications	2019	Mark Huasong Meng Guangdong Bai Joseph K. Liu Xiapu Luo Yu Wang
+	Review of Mobile Apps Permissions and Associated Intrusive Privacy Threats	2018	Akosua Boakyewaa Teye Ezer Osei Yeboah-Boateng
+	Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic	2020	Ramesh Raskar Isabel Schunemann Rachel Barbar Kristen Vilcans Jim Gray Praneeth Vepakomma Suraj Kapa Andrea Nuzzo Rajiv Gupta Alex Berke
+	I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis	2014	Li Li Alexandre Bartel Jacques Klein Yves Le Traon Steven Arzt Siegfried Rasthofer Eric Bodden Damien Octeau Patrick McDaniel

Works That Cite This (6)

Action	Title	Year	Authors
+	A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset	2022	Efstratios Chatzoglou Vasileios Kouliaridis Georgios Kambourakis Γεώργιος Καρόπουλος Stefanos Gritzalis
+	Do we need a contact tracing app?	2020	Leonardo Maccari Valeria Cagno
+	Designing evaluation framework for the empirical assessment of COVID-19 mobile apps in Pakistan	2022	Yasir Ali Habib Ullah Khan
+	Demystifying COVID-19 digital contact tracing: A survey on frameworks and mobile apps	2020	Tania Martin Γεώργιος Καρόπουλος José L. Hernández-Ramos Georgios Kambourakis Igor Nai Fovino
+	Demystifying COVID-19 Digital Contact Tracing: A Survey on Frameworks and Mobile Apps	2020	Tania Martin Γεώργιος Καρόπουλος José L. Hernández-Ramos Georgios Kambourakis Igor Nai Fovino
+ PDF Chat	Sharing Pandemic Vaccination Certificates through Blockchain: Case Study and Performance Evaluation	2021	José L. Hernández-Ramos Γεώργιος Καρόπουλος Dimitris Geneiatakis Tania Martin Georgios Kambourakis Igor Nai Fovino

Works Cited by This (10)

Action	Title	Year	Authors
+	An Investigation into the Use of Common Libraries in Android Apps	2016	Li Li Tegawendé F. Bissyandé Jacques Klein Yves Le Traon
+	Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones	2017	Vincent Taylor Alastair R. Beresford Ivan Martinović
+	Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs	2020	Hyunghoon Cho Daphne Ippolito Yun William Yu
+	COVID-19 Contact-tracing Apps: a Survey on the Global Deployment and Challenges	2020	Jinfeng Li Xinyi Guo
+	Decentralized Privacy-Preserving Proximity Tracing	2020	Carmela Troncoso Mathias Payer Jean‐Pierre Hubaux Marcel Salathé James R. Larus Edouard Bugnion Wouter Lueks Theresa Stadler Apostolos Pyrgelis Daniele Antonioli
+ PDF Chat	A Survey of COVID-19 Contact Tracing Apps	2020	Nadeem Ahmed Regio A. Michelin Wanli Xue Sushmita Ruj Robert Malaney Salil S. Kanhere Aruna Seneviratne Wen Hu Helge Janicke Sanjay Jha
+	Demystifying COVID-19 Digital Contact Tracing: A Survey on Frameworks and Mobile Apps	2020	Tania Martin Γεώργιος Καρόπουλος José L. Hernández-Ramos Georgios Kambourakis Igor Nai Fovino
+	Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem	2016	Narseo Vallina-Rodriguez Srikanth Sundaresan Abbas Razaghpanah Rishab Nithyanand Mark Allman Christian Kreibich Phillipa Gill
+	Decentralized Privacy-Preserving Proximity Tracing	2020	Carmela Troncoso Mathias Payer Jean‐Pierre Hubaux Marcel Salathé James R. Larus Edouard Bugnion Wouter Lueks Theresa Stadler Apostolos Pyrgelis Daniele Antonioli
+	Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic	2020	Ramesh Raskar Isabel Schunemann Rachel Barbar Kristen Vilcans Jim Gray Praneeth Vepakomma Suraj Kapa Andrea Nuzzo Rajiv Gupta Alex Berke