StopCOVID, a complete disaster that confirms that governments are not to be trusted

The French government's contact tracing application confirms everything that was suspected: it is a disaster in terms of functionality and a danger to the privacy of its users. It is a botched job that we hope will serve as an example so that others do not make the same mistake.

We have already told you about the project that Apple and Google carried out jointly, which resulted in an API they have made available to governments around the world for developing contact tracing applications that guarantee privacy as much as possible and that, of course, work as they should. Despite having it handed to them on a platter, some governments, with the United Kingdom and France at the head of them, have harshly criticized these two companies for wanting to impose their API and have decided to fight this battle on their own. The result could not be worse: the StopCOVID app that the French government has just launched is a complete disaster. And when I say disaster, I am talking not only about how it works but also about user privacy, as shown by several audits that have been carried out, since the app is open source and available for analysis.

One of the most interesting analyses of the StopCOVID application, and one that uses clearer language for those of us who are not familiar with application development, is the one carried out by Nadim Kobeissi, which also cites several analyses carried out by official bodies. I summarize the most important failures and privacy problems cited in that article:

  • The way this application uses Bluetooth is not useful for knowing the exact distance between you and another person.
  • On iOS devices, because it does not use the Apple-Google API, Bluetooth is deactivated as soon as you close the application, leave it in the background or turn off the iPhone screen, so StopCOVID is completely useless on iPhone.
  • The application does not resolve a serious Bluetooth security flaw that the Apple-Google API does resolve, so anyone who uses the app is vulnerable to that flaw.
  • Although the French government assures that geolocation is not required, the app asks for permission to use GPS and to be able to locate you.
  • The application requires user registration (wasn't it anonymous?).
  • During user registration, Google's reCAPTCHA system is used, which sends your IP address and user agent to Google; in other words, your anonymity is completely destroyed.

The article cites the report by Inria (Institut National de Recherche en Informatique et en Automatique), a French research center specialized in Computer Science, Control Theory and Applied Mathematics. Its conclusions are devastating in terms of respect for user privacy, stating that none of these requirements are met:

  • The data must be anonymous
  • It must be impossible to determine who infected whom
  • It must be impossible to determine if a person is sick or not
  • It must be impossible to raise false alarms
  • Using Bluetooth should not be a security concern
  • It must be impossible to access the data on a large scale


  1.   Root said

    It is very unfortunate!