Report on Security, Privacy, and Data Sovereignty of COVID Apps


Added on  2023/01/06

AI Summary
This report delves into the critical security, privacy, and data sovereignty issues surrounding COVID-19 safety applications. It meticulously examines potential threats to user data on mobile phones, linked cloud accounts, and financial accounts, including risks like improper session handling, broken authentication, and financial account breaches. The report further explores privacy threats such as client-side injection, denial-of-service attacks, network and browser exploits, and vulnerabilities in applications. Additionally, it addresses data sovereignty concerns related to U.S.-based cloud storage, considering factors like data residency, national security, trade implications, and the balance between open economies and security interests. The conclusion emphasizes the importance of robust security features and user involvement in tracking patient numbers in COVID-19 safety applications. The report provides a comprehensive analysis, supported by relevant research and literature.
Contents
INTRODUCTION
MAIN BODY
CONCLUSION
REFERENCES
INTRODUCTION
This report analyzes various kinds of issues related to security, location and privacy,
and how these issues can affect customers' ability to use the COVID 19 safety application
effectively. The different kinds of issues are explained in detail.
MAIN BODY
1. Discusses the possible threats and risks to the security of user data on mobile phones
and in linked Cloud and financial accounts from the use of the COVID Safe app.
Security issues:
Risk of Improper Session Handling- Many applications, like COVID 19 safe apps,
make use of "tokens" to promote ease of access for smartphone purchases, enabling
users to perform many actions without being asked to identify and authenticate
themselves (Kour, Karim and Tretten, 2019). Tokens are created by apps to
recognize and verify devices, much like credentials. With each new "session,"
secure apps create new tokens that should stay private. According to The Manifest,
improper session handling happens when applications inadvertently share session
tokens, for example with malicious actors, enabling them to impersonate
legitimate users.
Risk of financial accounts- Users can also face this risk from various kinds of
cyber attackers. The main cause is that, while using applications, users enter
various kinds of information such as their email and mobile number, and these
social accounts are linked with bank accounts. As a result, cyber attackers can
attack the bank accounts and steal money. Similarly, in the context of COVID 19
applications, there is a risk of losing financial data due to lack of security.
Risk of broken authentication- A remarkable number of apps and APIs take no steps
to obscure the data they handle. It is kept unencrypted, in plain text, and is
easily intercepted (Kimani, Oduol and Langat, 2019). The material is often
immediately decrypted when retrieved, which makes it much easier to copy or paste
off the device when combined with injection flaws. Broken authentication is an
overarching term for multiple flaws that criminals use to impersonate genuine
web users. Broken authentication generally applies to vulnerabilities in two
categories: session management and password management. Both are categorized as
broken authentication because attackers can use either avenue to masquerade as a
user: hijacked session IDs or stolen unencrypted passwords. To take full
advantage of these vulnerabilities, attackers use a wide range of tactics, ranging
from large-scale account compromise to narrowly targeted schemes aimed at obtaining
the credentials of a single user.
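An added example, not part of the original report: a hypothetical `AuthStore` that addresses both categories named above, keeping passwords as salted PBKDF2 hashes instead of plain text and issuing a fresh random token per session that expires and is stored only as a hash. The class and method names, `SESSION_TTL` and `PBKDF2_ROUNDS` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 900          # seconds a session stays valid (assumed value)
PBKDF2_ROUNDS = 600_000    # work factor for password hashing (assumed value)


def _digest(token):
    """Only a hash of the token is stored, so a leaked table is not replayable."""
    return hashlib.sha256(token.encode()).digest()


class AuthStore:
    """Hypothetical in-memory store; names are illustrative only."""

    def __init__(self):
        self._users = {}      # username -> (salt, derived key), never plaintext
        self._sessions = {}   # sha256(token) -> (username, expiry time)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._kdf(password, salt))

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        # Unknown users still pay for one KDF run, so timing does not reveal them.
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)   # fresh, unguessable token per session
        self._sessions[_digest(token)] = (user, now + SESSION_TTL)
        return token

    def whoami(self, token, now=None):
        now = time.time() if now is None else now
        user, expiry = self._sessions.get(_digest(token), (None, 0))
        if user is None or now >= expiry:
            self._sessions.pop(_digest(token), None)   # drop expired entries
            return None
        return user

    def logout(self, token):
        self._sessions.pop(_digest(token), None)       # server-side invalidation
```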
2. Discusses the possible threats to the privacy of a user's data, location and activities
from the use of the COVID Safe application.
Client Side Injection- Client-side injection is the execution of malicious programs
on mobile devices over the internet, through the browser or web-surfing client.
HTML injection, buffer overflow, or some other modern attack (trying to abuse phone
voicemail transcription, SMS) requires server-side injection. Attackers can load a
text-based attack to exploit the target. In this manner, any collected data can be
injected, including targeted resource files or software (Gupta and Sheng, 2019).
Risk of denial of service attack- Denial of service means that an intruder or
attacker blocks the connection to application servers or other servers. This method
of attack usually requires robust networking but only lightweight capabilities where
mobile devices (smartphones) are concerned. A professional attack on a smartphone
could be carried out with very little effort and few hardware obstacles, and even a
single attacker can be enough to render a device unsafe.
Risk of network exploits- This form of attack uses vulnerabilities in the mobile
device's web browser and in other software, such as the COVID 19 application, that
runs on a wired or cellular network. Once smartphones are connected to a network,
malicious software can be loaded onto customers' smartphones over that network
without the users' knowledge.
Risk of browser exploits- This form of attack takes advantage of weaknesses in a
user's mobile browser or in software that the app launches, such as a PDF reader,
Flash player or image viewer. In particular, when a user visits an unsafe web page,
clicking a link can install a malicious program or application on the smartphone
(Jalali, Razak, Perakslis and Madnick, 2019). An app can face two types of threats,
from web applications and from app development: whenever a mobile user installs an
attacker's browser-based malware by selecting a link on a vulnerable site that the
attacker fully controls, the user's details can be exposed and data theft becomes
possible.
Risk of Vulnerable Application- Vulnerable apps are apps that contain bugs that can
be abused for malicious purposes. They allow the attacker to perform harmful
actions, access sensitive private or corporate data, keep activities from running
properly, and install COVID 19 safety software without authorization.
Privacy threats- In relation to malicious software, privacy attacks can be
triggered by mobile apps. Global Positioning System (GPS) data may, for instance,
include information on every location a user visits. An intruder or hacker might be
able to access it, stealing the data and identity of a user, which can cause
serious problems.
3. Discusses the issues of data sovereignty that may apply to the storage of COVID Safe
data in U.S. based Cloud storage.
Protecting personal privacy is frequently cited by nations as a policy priority; in
practice, however, data residency provisions are seldom planned or advanced to
protect users. On the contrary, easier access to data at the national level hampers
privacy rights. For example, because records and storage devices remain in local
territory and can be confiscated in a search, police, intelligence services and
other government entities can more effectively force access to information. Data
citizenship rules, in other terms, are pro-privacy rules.
Some nations want to ensure that relocation data is kept locally for national
security purposes, since having local access to classified information can make a
significant difference in a dispute. Yet businesses in nations with strict data
citizenship and access criteria will collect less critical information in case of
disaster, since they are not trusted by corporate partners and policymakers overseas.
Some nations tend to think that critical data will be better off at home. However,
nations with isolated or redundant technologies are less capable of shielding data
stored locally from international military and criminal threats. In addition, a
security-driven and insular mindset will impede access to best-in-class,
state-of-the-art foreign technologies.
If, in an extreme emergency (possibly in a dispute with other countries and
international businesses), a country wants to take over a bank, energy firm or vital
infrastructure supplier, it might be necessary for all related data to be held
domestically and accessible without foreign assistance. However, before such a
takeover is possible, any vital organization would be disadvantaged by reliability
metrics criteria, as it would not be able to leverage state-of-the-art cloud storage,
artificial analytics, and other globally established and hosted technology.
The rules of data residency profoundly influence trade, favoring local firms over
international rivals (Caprolu, Sciancalepore and Tedeschi, 2020). Local firms can
meet data citizenship standards more readily than international rivals, as they
naturally retain data at their offices. While this can seem positive for local firms
in the immediate term, in the long term such globalization continues to damage
shielded firms by protecting them from the much-needed international market.
In addition, foreign nations may inevitably return the favor, and foreign companies
may stay away from countries where data residency laws exist in order to escape
increased expenses and taxes. Indigenous companies will also find it hard to scale
and thrive globally. Ultimately, they would become a municipal responsibility. If
local facilities wind up not being internationally successful, instituting the use
of local data centers or locally made technologies becomes less beneficial and slows
down local growth.
Many countries favor, by default, open economies and social liberty. To safeguard
security interests, they enact broadly framed record keeping, privacy and
anti-treason laws that are adequate (Martignani, 2019). However, very few
governments have so far implemented broad data residency laws, and trade agreements
such as the Trans Pacific Partnership Agreement (TPPA) specifically commit member
states to refrain from implementing data residency laws or standards for local data
centers.
CONCLUSION
On the basis of the above report, it can be concluded that companies involved in
preparing COVID 19 safety applications should include safety features. Users should
also be actively involved in tracking the regular number of patients.
REFERENCES
Kour, R., Aljumaili, M., Karim, R. and Tretten, P., 2019. eMaintenance in railways: Issues
and challenges in cybersecurity. Proceedings of the Institution of Mechanical
Engineers, Part F: Journal of Rail and Rapid Transit, 233(10), pp.1012-1022.
Kimani, K., Oduol, V. and Langat, K., 2019. Cyber security challenges for IoT-based smart
grid networks. International Journal of Critical Infrastructure Protection, 25, pp.36-49.
Gupta, B.B. and Sheng, Q.Z. eds., 2019. Machine learning for computer and cyber security:
principle, algorithms, and practices. CRC Press.
Jalali, M.S., Razak, S., Gordon, W., Perakslis, E. and Madnick, S., 2019. Health care and
cybersecurity: bibliometric analysis of the literature. Journal of medical Internet
research, 21(2), p.e12644.
Caprolu, M., Di Pietro, R., Raponi, S., Sciancalepore, S. and Tedeschi, P., 2020. Vessels
Cybersecurity: Issues, Challenges, and the Road Ahead. arXiv preprint
arXiv:2003.01991.
Martignani, C., 2019. Cybersecurity in cardiac implantable electronic devices. Expert Review
of Medical Devices, 16(6), pp.437-444.