COVID-19 tracing apps are useful in identifying the infected individuals within an area. However, when personal information is compromised, it might be a sign to improve its security.
According to the latest report, Hong Kong's government junked the claim from an independent audit that the app has leaked confidential data online.
Hong Kong's COVID-19 Tracing App Has Security Flaws
Bloomberg reported on Thursday, July 28, that the Hong Kong government's official app for tracing COVID-19 cases was found to have security issues on its software side.
7ASecurity, a cybersecurity firm from Poland, discovered that the app is teeming with vulnerabilities, although the flaws were not installed there for unauthorized tracking.
The app is called "Leave Home Safe," and has been existing since November 2020. Hong Kong residents scan a QR code through this tracing app in both public and private places.
This application is almost similar to other COVID-19 tracing apps since it will alert the person if an infected individual paid a visit to a particular place recently.
7ASecurity is the security audit behind the Leave Home Safe apps, which are both accessible on iOS and Android platforms.
Hong Kongers Are Worried About the App's Privacy Risks
As per a report by RFA, the Hong Kong people have already had doubts about the capability of the COVID-19 tracing app since its launch. Many residents were skeptical about its privacy and security risks.
Other individuals said that the app could be used to track the names of the users in the database amid the geopolitical tension in the country.
During the first two weeks of its release, less than 500,000 app downloads have been recorded. The low number might have stemmed from trust issues of the users regarding their privacy concerns.
At the time, other users reportedly bought or got a secondary smartphone to potentially dodge the possibility of getting their information stolen on their first device.
As for the part of 7ASecurity, they aim to prove if the security claims about Leave Home Safe are accurate or not.
The audit exposed that the app has 12 flaws that were overlooked. The first eight issues are counted as security flaws.
"While no clear privacy violation could be conclusively proven during the audit at runtime, a number of application artifacts, likely inherited from underlying dependencies or simply security vulnerabilities introduced by mistake, were found during this exercise," 7ASecurity's report says.
Although there are vulnerabilities in the app, the independent audit could not clearly state if the software is made for malicious tracking of the users.
Additionally, 7ASecurity discovered that the vaccination status of the users goes to the "inappropriate" sites of confidential data. This means that it's not secured since random people can just plug a hard drive and steal the information.
Aside from that, Leave Home Safe does not have a valid COVID-19 vaccination QR code, health code system credentials, and a valid COVID test QR code.
Related Article : [VIRAL] 17-Year-Old Inventor of COVID-19 Tracking App Turns Down $8 Million To Keep Site Ad-Free; Here's Why
Leave Home Safe Needs Further Assessment
Having said that, this means that the COVID-19 tracing app did not properly undergo a strict audit in the past.
7ASecurity said that the Leave Home Safe platform should be thoroughly reviewed. By this, the security and privacy issues will be addressed so people will no need to worry anymore about its features.
In other news, Time reported that Hong Kong is currently holding the highest COVID-19 death rate in the world. If another surge happens in the country, the residents might not be ready for another wave.
This article is owned by Tech Times
Written by Joseph Henry