Pellaeon Lin

Articles

Privacy and Security Analysis of the IATA Travel Pass Android App

The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.

關於 TikTok 與抖音的常見問題

2021 年 3 月 22 日,公民實驗室發佈了一篇研究報告,比較 TikTok 與抖音的安全、隱私及言論審查。我們將於本文中與研究員 Pellaeon Lin 討論他的研究發現。

Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines

COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.