On December 21, 2020 the Citizen Lab released a report that discovered issues with three COVID-related applications in Indonesia and the Philippines. This document provides a summary of the research findings and questions and answers from the research team.
Posts tagged “Security”
The following is the Tagalog translation of the FAQ and key findings from the report titled Unmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps.
As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.
The following is the Bahasa Indonesia translation of the FAQ and key findings for the report titled Unmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps.
Ang COVID-KAYA ay isang platform na ginagamit ng mga frontline healthcare workers sa Pilipinas para mangolekta at magbahagi ng mga kaso ng COVID-19 sa Kagawaran ng Kalusugan. Natagpuang nagtataglay ng mga kahinaan ang web at Android apps nito, na pinapayagan ang mga walang pahintulot na user na makuha ang pribadong datos tungkol sa mga gumagamit ng app, at maaring maging ang datos ng mga pasyente.
COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.
South Korea requires minors to have content filtering apps installed on their phones. A security audit of two child monitoring apps—Cyber Security Zone and Smart Dream—finds serious security and privacy issues that put children at risk.
Researchers from the University of New Mexico and the Citizen Lab provide the first independent analysis of popular messaging app LINE’s end-to-end encryption security features and discuss gaps in communication between researchers, developers and users.
Citizen Lab Senior Research Fellow John Scott-Railton has published an updated version of his “Security for the High-Risk user” paper, first published in the IEEE Security & Privacy in spring 2016. The updates were made based on new evidence of attacks against two-factor and account recovery SMSes, underlining the need for innovation in two-factor authentication.
In this report we analyze Windows and Android versions of web browser UC Browser, and find they transmitted personally identifiable information with easily decryptable encryption and were vulnerable to arbitrary code execution during software updates