Callie Monroe, Faiza Tazi, Sanchari Das (university of Denver)

Governments, Healthcare, and Private Organizations in the global scale have been using digital tracking to keep COVID-19 outbreaks under control. Although this method could limit pandemic contagion, it raises significant concerns about user privacy. Known as “Contact Tracing Apps” , these mobile applications are facilitated by Cellphone Service Providers (CSPs), who enable the spatial and temporal realtime user tracking. Accordingly, it might be speculated that CSPs collect information violating the privacy policies such as GDPR, CCPA, and others. To further clarify, we conducted an in-depth analysis comparing privacy legislations with the real world practices adapted by CSPs. We found that three of the regulations (GDPR, COPPA, and CCPA) analyzed defined mobile location data as private information, and two (T-Mobile US, Boost Mobile) of the five CSPs that were analyzed did not comply with the COPPA regulation. Our results are crucial in view of the threat these violations represent, especially when it comes to children’s data. As such proper security and privacy auditing is necessary to curtail such violations. We conclude by providing actionable recommendations to address concerns and provide privacy-preserving monitoring of the COVID-19 spread through the contact tracing applications.

View More Papers

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Evan Johnson (University of California San Diego), David Thien (University of California San Diego), Yousef Alhessi (University of California San Diego), Shravan Narayan (University Of California San Diego), Fraser Brown (Stanford University), Sorin Lerner (University of California San Diego), Tyler McMullen (Fastly Labs), Stefan Savage (University of California San Diego), Deian Stefan (University of California…

Read More

JMPscare: Introspection for Binary-Only Fuzzing

Dominik Maier, Lukas Seidel (TU Berlin)

Read More

QPEP: An Actionable Approach to Secure and Performant Broadband...

James Pavur (Oxford University), Martin Strohmeier (armasuisse), Vincent Lenders (armasuisse), Ivan Martinovic (Oxford University)

Read More

POP and PUSH: Demystifying and Defending against (Mach) Port-oriented...

Min Zheng (Orion Security Lab, Alibaba Group), Xiaolong Bai (Orion Security Lab, Alibaba Group), Yajin Zhou (Zhejiang University), Chao Zhang (Institute for Network Science and Cyberspace, Tsinghua University), Fuping Qu (Orion Security Lab, Alibaba Group)

Read More