Analysis of Pakistani contact tracing app finds security flaws


A detailed analysis of Pakistan’s contact tracing app finds a number of security issues. The app was developed by the Ministry of IT and Telecom and the National Information Technology Board, and offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders. Among the issues: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their locations. The app had been downloaded by 500,000 people at the time. A second independent test found that the app uses an unencrypted database that can be accessed by either an attacker with physical access to the device or a malicious app with root access.
Writer: Elliot Alderson; Ramsha Jahangir
Publication: Twitter; Dawn

