The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.

On April 13, the Citizen Lab published an analysis of the IATA Travel Pass. In this post, we discuss the significance of the report’s findings.

In this report, we undertake a preliminary comparative analysis of how different information technologies were mobilized in response to COVID-19 to collect data, the extent to which Canadian laws impeded the response to COVID-19, and the potential consequences of reforming data protection or privacy laws to enable more expansive data collection, use, or disclosure of personal information in future health emergencies.

In their reporting on how China handled the first year of the COVID-19 pandemic, the New York Times cites Citizen Lab research that outlines information controls on Chinese social media during the outbreak.

On December 21, 2020 the Citizen Lab released a report that discovered issues with three COVID-related applications in Indonesia and the Philippines. This document provides a summary of the research findings and questions and answers from the research team.

The following is the Tagalog translation of the FAQ and key findings from the report titled Unmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps.

As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.

The following is the Bahasa Indonesia translation of the FAQ and key findings for the report titled Unmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps.

Ang COVID-KAYA ay isang platform na ginagamit ng mga frontline healthcare workers sa Pilipinas para mangolekta at magbahagi ng mga kaso ng COVID-19 sa Kagawaran ng Kalusugan. Natagpuang nagtataglay ng mga kahinaan ang web at Android apps nito, na pinapayagan ang mga walang pahintulot na user na makuha ang pribadong datos tungkol sa mga gumagamit ng app, at maaring maging ang datos ng mga pasyente.