Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Who needs spwyare when you have COVID-19 apps?

266 Aufrufe

Veröffentlicht am

With the current pandemic, privacy concerns have emerged around the large number of applications being published and promoted around the globe. From symptom tracking to contact tracing, the COVID-19 App Tracker Project (https://covid19apptracker.org) aims to automate detection of new and modified applications published on the Google Play Store.

Our session will discuss C19 app trends around the globe, emerging concerns, and what is required for greater transparency around the applications created and data collected by governments around the world.

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Who needs spwyare when you have COVID-19 apps?

  1. 1. https://covid19apptracker.org Data Last Updated: 01 August 2020 Who needs spyware when you have COVID-19 apps? 1
  2. 2. Agenda Introduction The Project The People The Goals The Problem A walk down memory lane Ecosystem and Trends What can we learn from the data? Opportunities? 2
  3. 3. Agenda Introduction The Project The People The Goals The Problem A walk down memory lane Ecosystem and Trends What can we learn from the data? Opportunities? 3
  4. 4. Agenda Introduction The Project The People The Goals The Problem A walk down memory lane Ecosystem and Trends What can we learn from the data? Opportunities? 4
  5. 5. Our Team Megan DeBlois Product Manager Carlos Maycas Nadal Back-end Engineer Zach Anderson Front-end Engineer Justin DeBlois UX Designer Contact Us! info@covid19apptracker.org https://covid19apptracker.org/#/team 5
  6. 6. Introduction 6
  7. 7. https://covid19apptracker.org 7 Last Updated 01 Aug 2020
  8. 8. How it Works App Detection Engine (scan, updates, enrich) 1 App Database 2 Update Google Sheet Deploy GitHub Pages 3 Google Play Store 8
  9. 9. Building on a Budget No funding Limited time Understand the ecosystem (contact tracing, symptom tracking, informational) Create open data for deeper analysis Personal learning goals Constraints Goals 9
  10. 10. The Problem 10
  11. 11. ● Rapid deployment of technology… ● Bugs, Vulnerabilities, Exploitation Problem #1 The Problem 11
  12. 12. May: https://www.washingtonpost.com/technology/2020/05/21/care19-dakota-privacy-coronavirus/ “it violates its own privacy policy by sharing citizen location and other personal data with an outside company” 12
  13. 13. 13
  14. 14. 14
  15. 15. 15
  16. 16. ● Rapid deployment of technology… ● Bugs, Vulnerabilities, Exploitation Problem #1 ● Data collection and permissions ● Lack of transparency Problem #2 The Problem 16
  17. 17. Timeline Emergence More and more COVID-19 apps begin to emerge on play stores. Research May 2020Feb-Mar 2020 Mar 2020 Apr 2020 May 2020 Jun-Aug 2020 17
  18. 18. Timeline Emergence More and more COVID-19 apps begin to emerge on play stores. Restrictions Research May 2020Feb-Mar 2020 Mar 2020 Apr 2020 May 2020 Jun-Aug 2020 Google and Apple crackdown on apps. Restrict publication to governments and official health institutions. 18
  19. 19. 19
  20. 20. Timeline Emergence More and more COVID-19 apps begin to emerge on play stores. Restrictions Contact Tracing Research May 2020Feb-Mar 2020 Mar 2020 Apr 2020 May 2020 Jun-Aug 2020 Google and Apple crackdown on apps. Restrict publication to governments and official health institutions. Google/Apple announce collaboration “privacy respecting” contact tracing technology 20
  21. 21. https://www.eff.org/deeplinks/2020/04/apple-and-goo gles-covid-19-exposure-notification-api-questions-and -answers 21
  22. 22. MIT contact tracing app project data released Research Timeline Emergence More and more COVID-19 apps begin to emerge on play stores. Restrictions Contact Tracing Research May 2020Feb-Mar 2020 Mar 2020 Apr 2020 May 2020 Jun-Aug 2020 Google and Apple crackdown on apps. Restrict publication to governments and official health institutions. Google/Apple announce collaboration “privacy respecting” contact tracing technology 22
  23. 23. 23
  24. 24. MIT contact tracing app project data released; Research Timeline Emergence More and more COVID-19 apps begin to emerge on play stores. Restrictions Contact Tracing Research May 2020Feb-Mar 2020 Mar 2020 Apr 2020 May 2020 Jun-Aug 2020 Google and Apple crackdown on apps. Restrict publication to governments and official health institutions. Google/Apple announce collaboration “privacy respecting” contact tracing technology We still have a lot of data collection and privacy issues Data Collection 24
  25. 25. The Ecosystem 25
  26. 26. How many apps are there? On the Google Play Store *The following slides and information are based on data tracked by the project 26
  27. 27. 121On August 1st Contact Tracing Symptom Tracking Informational 3 Categories ● Contact Tracing ● Symptom Tracking ● Informational 27
  28. 28. Number of apps by country On the Google Play Store *The following slides and information are based on data tracked by the project 28
  29. 29. 29
  30. 30. India, United States, United Kingdom, Spain, United Arab Emirates, Pakistan, Vietnam Top Countries 30
  31. 31. India, United States, United Kingdom, Spain, United Arab Emirates, Pakistan, Vietnam Top Countries 31
  32. 32. India, United States, United Kingdom, Spain, United Arab Emirates, Pakistan, Vietnam Top Countries 32
  33. 33. India, United States, United Kingdom, Spain, United Arab Emirates, Pakistan, Vietnam Top Countries 33
  34. 34. The impact on people On the Google Play Store 34 *The following slides and information are based on data tracked by the project
  35. 35. The ScaleMore than 100M downloads Aarogya Setu India 100M+ 35
  36. 36. The ScaleMore than 100M downloads Aarogya Setu India 100M+ 10M CoronApp Colombia 36
  37. 37. The ScaleMore than 100M downloads Aarogya Setu India 100M+ 10M CoronApp Colombia Hayat Eve Sığar Turkey MySejahtera Malaysia CoronaWarn App Germany Cuidar COVID19 Argentina 5M+ 1M+ Australia Brazil India Israel U.K. Vietnam France Saudi Arabia Singapore Qatar 37
  38. 38. Privacy and Permissions 38 *The following slides and information are based on data tracked by the project
  39. 39. 39
  40. 40. 40
  41. 41. Who requests the most permissions? 41 *The following slides and information are based on data tracked by the project
  42. 42. Karantinas / Lithuania Symptom Tracking and Informational https://covid19apptracker.org/#/app/com.lym po.covid19 T COVID’19 / India Symptom Assessment and Informational https://covid19apptracker.org/#/app/com.tsst ate.citizen SM_Covid19 / Italy Contact Tracing https://covid19apptracker.org/#/app/it.softmi ning.projects.covid19.savelifestyle Type of App URL 23 Permissions Requested 42
  43. 43. Who requests the least permissions? 43 *The following slides and information are based on data tracked by the project
  44. 44. Pakistan's National Action Plan for COVID-19 / Pakistan Informational https://covid19apptracker.org/#/app/com.nap _pakistan.app Type of App URL 0 Permissions Requested 44
  45. 45. GVA Coronavirus / Spain Primary Care Appointment and Informational https://covid19apptracker.org/#/app/es.gva.co ronavirus Family - COVID 19 / Vietnam Symptom Tracking https://covid19apptracker.org/#/app/com.fam ily.tokhaiyte CoronaCheck / Pakistan Symptom Self Assessment and Informational https://covid19apptracker.org/#/app/com.edu .aku.akuhccheck Be + against COVID19 / Spain Informational https://covid19apptracker.org/#/app/com.app andabout.defusing Type of App URL 1 Permission Requested 45
  46. 46. More on geolocation 46 *The following slides and information are based on data tracked by the project
  47. 47. Requesting Approximate Location 79 (65%) Requesting Precise Location 90 (74%) Permission Number of Apps 47
  48. 48. 48 Google and Apple Exposure Notification
  49. 49. 49 “Your app must have the BLUETOOTH and INTERNET permission in its manifest, but your app doesn't require and can't include ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, nor BLUETOOTH_ADMIN.” https://developers.google.com/android/exposure-notifications/exposure-notifications-api
  50. 50. Dangerous Permissions 50
  51. 51. 51 “permissions that could potentially affect the user's privacy or the device's normal operation … the user must explicitly agree to grant those permissions.” https://developer.android.com/guide/topics/permissions/overview
  52. 52. * Android permissions categorization: https://developer.android.com/reference/android/Manifest.permission 52
  53. 53. * Android permissions categorization: https://developer.android.com/reference/android/Manifest.permission 53 65% 74%
  54. 54. * Android permissions categorization: https://developer.android.com/reference/android/Manifest.permission 54 50% 46%
  55. 55. * Android permissions categorization: https://developer.android.com/reference/android/Manifest.permission 55 36% 18% 15% 13% 6%
  56. 56. 56 App Name Country Affiliation App Name Country Affiliation COVID Coach (US Department of Veteran Affairs) U.S. Home Quarantine (Kwarantanna domowa) Poland Sức khỏe Việt Nam Vietnam Coronavirus UY Uruguay COVID19 - DXB Smart App UAE COVI Qatar COVID19 - DXB Responder UAE Shuurkhai 119 Mongolia T COVID'19 India COVID-19 Sounds U.K. COVID-19 Vietnam Shlonik - ‫ﺷﻠوﻧك‬ Kuwait Interactive Clinics Spain COVID19 UAE UAE C Spire Health - UMMC Virtual COVID-19 Triage U.S. SOS CORONA Mali Requesting Microphone Access
  57. 57. 57 Requesting Read Contacts Access App Name Country Affiliation CoronApp - Colombia Colombia Healthy Together - COVID-19 (US) U.S. Speetar COVID-19 (LY) Libya COVID Coach (US, Department of Veteran Affairs) U.S. COVID-19MX Mexico Hayat Eve Sığar Turkey Sức khỏe Việt Nam Vietnam
  58. 58. 58 Regional Permission Differences 121On August 1st
  59. 59. 59 57% 80%
  60. 60. Researchers and Advocates 60
  61. 61. 61 https://web.karisma.org.co/coronapp-muchos-datos-pocos-beneficios/
  62. 62. 62 https://www.amnesty.org/en/latest/news/2020/06/bahrain-kuwait-norway-contact-tracing-apps-danger-for-privacy/
  63. 63. 63 https://www.eff.org/issues/covid-19 Some universities in the U.S. are considering “app mandates”. (EFF, July 2020) https://www.eff.org/deeplinks/2020/07/u niversity-app-mandates-are-wrong-call
  64. 64. 64 https://reports.exodus-privacy.eu.org/en/analysis/submit/
  65. 65. What now? 65
  66. 66. What now? 66
  67. 67. 1. Privacy and security audits 2. Better understand adoption barriers to Google and Apple Exposure Notification technology 3. Advocate for privacy respecting applications 4. Transparency standards for COVID-19 applications a. Promote open source technologies b. Transparent data collection and treatment 67 Opportunities
  68. 68. The design decisions we make now have the potential for lasting impact on our privacy. 68
  69. 69. Any questions? 69 *We will be taking questions on the appropriate DEFCON Crypto Village discord channel info@covid19apptracker.org
  70. 70. Thank You COVID-19 App Tracker info@covid19apptracker.org 70
  71. 71. 71

×