Pakistan Govt disregards French researcher's condemnation of COVID-19 app

The Government of Pakistan has dismissed a French security researcher's claims that its COVID-19 app is ‘unsafe’. The government rejected the reports of security flaws and bugs in COVID-19 Gov PK, its recently launched phone application for easy access to information on ventilator availability in the country's hospitals.

In a press release, the National Information Technology Board (NITB) said that the issues put forward by the French researcher were utterly incorrect.

The core purpose of the app is to stop the spread of the pandemic in the country by keeping the safe population updated on COVID-19. Only very limited personal information is collected from the user for record purposes.
Also, the COVID-19 Gov PK app does not show the exact coordinates, that is, the area of residence, of infected people; instead, it shows a radius that is fixed by default at 10 meters for self-declared patients and 300 meters for a quarantine location.

Hence, self-declared patients have consented to the disclosure of their place of residence solely for the safety of other citizens.
Moreover, they have accepted the privacy policy, that is, the terms and conditions of the application.

The press release also added: “No user login mechanism is present in the app. Therefore, the use of login and passwords are not part of app workflow. The screenshot mentioning the hardcoded password is the defined keyword to give more security to auto-token endpoint, so that endpoint can only be used from mobile apps.”

According to the NITB, all of its Application Programming Interfaces (APIs) communicate using Hypertext Transfer Protocol Secure (HTTPS). It therefore maintains that the security and protection of users' personal data as per international standards is of great importance and is implemented at the core.

There are, however, a number of security flaws in the app. In a strange revelation, it emerged that the “COVID-19 Gov PK” application, which the government touts for convenient access to information on ventilator availability, has a number of serious security and privacy flaws.

A French security researcher named Elliot Alderson, a name shared with the television character who is a cyber security engineer in the hit TV show Mr. Robot, said that he has “analysed” the COVID-19 Gov PK app and has found several serious deficiencies in it.

Elliot condemned the app, saying: “Yesterday night, I analysed ‘COVID-19 Gov PK’ the official #Covid19 mobile app made by the Pakistani government. Hard coded passwords, insecure connections, privacy issues, … nothing is ok with this app”.