[ad_1]
When President Cyril Ramaphosa announced last week that South Africa would move to lockdown level 1, he urged the public to download the COVID-19 Alert SA app.
This app is designed to prevent the spread of the coronavirus by notifying you if you have come into contact with someone who has tested positive for COVID-19.
It is available to download for free from Google Play and the Apple App Store, and is not rated by mobile networks.
Ramaphosa also told South Africans during his speech that the app is completely anonymous and does not track your personal data or location.
This is because the application uses Bluetooth, and not location tracking, to exchange encrypted codes with other users of the application that determines if they were in contact with each other.
Code sharing occurs when your smartphones are within two meters of each other for more than 15 minutes, and these codes are stored for two weeks.
When an app user tests positive for COVID-19, they can report this information on the app anonymously.
Your device then uploads all the random codes that it has logged for the last two weeks to the exposure notification server, which notifies other uses accordingly.
Unfounded security concerns
Following Ramaphosa’s recommendation that South Africans install the app, false messages began to circulate that the app would invade the privacy of citizens and that it was being used to spy on them.
Various bogus messages claim that the app can be used to track your location and identify users in real time.
While Security experts have already refuted these alarmist narratives., there is a simple and effective way to determine the intrusion of a mobile application on your privacy: the application’s permission list.
This was demonstrated by the manager of Orange Cyberdefense South Africa, Dominic White, who pointed out On twitter that app permissions refute the spread of misinformation about app security.
Applications downloaded from Google Play and the Apple App Store cannot access your personal data, location information or other hardware functions without first asking permission from the operating system.
By inspecting these permissions, it becomes clear that even if the COVID-19 Alert SA app were programmed to monitor the user’s location or access personal data, it would not be able to do so because it does not have the required permissions.
In contrast, a number of social media apps require virtually unlimited permissions to function properly, making it much more likely that they will track your location and personal data.
We compared the permissions required by the COVID-19 Alert SA application with those required by one of the social platforms where misinformation about the application spread more virulently: Facebook.
All permit data was obtained from Google Play Store at the time of writing.
COVID-19 Alert SA Permits
Below are the full permissions for the Android version of the COVID-19 Alert SA app, as detailed on the Play Store:
- View network connections
- Pair with Bluetooth devices
- Full network access
- Run at startup
- Prevent the device from sleeping
Understandably, each of these permissions is required within the scope of the application’s operations.
For example, network access would be required to send or receive encrypted codes while running on startup and preventing the device from going to sleep allows the application to continue monitoring its proximity to other people without your intervention.
Pairing with Bluetooth devices is obviously necessary, as this is the method by which the app can anonymously and privately exchange tokens with other people it comes into contact with.
Please note that no personal or location information is exposed. The app also doesn’t have access to your microphone, file system, or any other sensitive interface.
Facebook permissions
When the above permissions are compared with those of an app like Facebook, it is immediately apparent that there are many more reasons to worry about privacy with this latest software.
Everything from your camera and microphone to your file system and the names of the other apps you’re running in the background is exposed to Facebook.
While the company can claim that it uses these permissions only when necessary, it has historically been the case that major platforms like Facebook have been inadvertently or intentionally abusing this level of access on your users.
Below is the full list of permissions required by the Facebook Android app, clearly showing that it should be much more worrisome to download than the COVID-19 Alert SA app:
Device and app history
Calendar
- Add or modify calendar events and send emails to invitees without the owners’ knowledge
- Read calendar events plus confidential information
Location
- Accurate location (GPS and network-based)
- Approximate location (network based)
Microphone
Telephone
- Read the status and identity of the phone
- Call phone numbers directly
Identity
- Find accounts on the device
- Add or remove accounts
- Read your own contact card
Storage
- Read the contents of your USB storage
- Modify or delete the contents of your USB storage
Wi-Fi connection information
Photos / Media / Files
- Read the contents of your USB storage
- Modify or delete the contents of your USB storage
Camera
Device ID and call information
- Read the status and identity of the phone
Contacts
- Find accounts on the device
- Modify your contacts
- Read your contacts
Other
- Download files without notification
- Receive data from the Internet
- Read channel / TV program information
- Write TV program / channel information
- Send fixed transmission
- Connect and disconnect from Wi-Fi
- Change your audio settings
- Modify system settings
- Read sync settings
- Install shortcuts
- Read battery statistics
- Run at startup
- Prevent the device from sleeping
- View network connections
- Pair with Bluetooth devices
- Turn sync on and off
- Full network access
- Vibration control
- Read Google service settings
- Change network connectivity
- Access Bluetooth settings
- Near field communication control
- Create accounts and set passwords
- Draw over other apps
Facebook permissions vs COVID-19 Alert SA
| Excuse me | COVID-19 SA alert | |
|---|---|---|
| Other | ||
| View network connections | yes | yes |
| Pair with Bluetooth devices | yes | yes |
| Full network access | yes | yes |
| Run at startup | yes | yes |
| Prevent the device from sleeping | yes | yes |
| Download files without notification | yes | Not |
| Receive data from the Internet | yes | Not |
| Read channel / TV program information | yes | Not |
| Send fixed transmission | yes | Not |
| Connect and disconnect from Wi-Fi | yes | Not |
| Change your audio settings | yes | Not |
| Modify system settings | yes | Not |
| Read sync settings | yes | Not |
| Install shortcuts | yes | Not |
| Read battery statistics | yes | Not |
| Vibration control | yes | Not |
| Read Google service settings | yes | Not |
| Change network connectivity | yes | Not |
| Access Bluetooth settings | yes | Not |
| Near field communication control | yes | Not |
| Create accounts and set passwords | yes | Not |
| Draw over other apps | yes | Not |
| Device and app history | ||
| Recover running applications | yes | Not |
| Calendar | ||
| Add or modify calendar events and send emails to guests without the owners’ knowledge | yes | Not |
| Read calendar events plus confidential information | yes | Not |
| Location | ||
| Accurate location (GPS and network-based) | yes | Not |
| Approximate location (network based) | yes | Not |
| Microphone | ||
| Record audio | yes | Not |
| Telephone | ||
| Read phone status and identity | yes | Not |
| Call phone numbers directly | yes | Not |
| Identity | ||
| Find accounts on the device | yes | Not |
| Add or remove accounts | yes | Not |
| Read your own contact card | yes | Not |
| Storage | ||
| Read the contents of your USB storage | yes | Not |
| Modify or delete the contents of your USB storage | yes | Not |
| Wi-Fi connection information | ||
| View Wi-Fi connections | yes | Not |
| Photos / Media / Files | ||
| Read the contents of your USB storage | yes | Not |
| Modify or delete the contents of your USB storage | yes | Not |
| Camera | ||
| Take photos and videos | yes | Not |
| Device ID and call information | ||
| Read phone status and identity | yes | Not |
| Contacts | ||
| Find accounts on the device | yes | Not |
| Modify your contacts | yes | Not |
| Read your contacts | yes | Not |
Now Read: South Africa’s COVID-19 Alert App Is Safe And You Must Install It – Security Experts
[ad_2]
