scispace - formally typeset
Search or ask a question
Journal ArticleDOI

A Study on Contact Tracing Apps for Covid-19: Privacy and Security Perspective

29 Apr 2021-Vol. 18, Iss: 1, pp 341-359
TL;DR: A comprehensive evaluation and specific suggestions will lead to creation and implementation of solutions towards Covid-19 and support governments and mobile development industries in creating safe and privacy conserving apps for contact tracing solutions.
Abstract: To support the manual contact tracing methods of Covid-19, countries and big companies like Apple and Google are busy developing several contact tracing applications. The purpose of digital contact tracing apps is to accelerate existing traditional face to face interview method which can control the pandemic effectively and rapidly. A major concern is whether consumers will be willing to download, install, and use the contact tracing applications because of the debate it created about its main attribute like security, privacy concern, system framework, data processing, location measurement. In this paper we discuss the contact tracing apps and its different architecture, then we analyze the framework in term of security, privacy concern and privacy policy. We reported 47 contact tracing applications which are from 28 countries worldwide, with several others expected to be roll out later. We found that 23 percent of contact tracing apps currently implemented do not provide privacy policy in their documentation. We believe that these comprehensive evaluation and specific suggestions will lead to creation and implementation of solutions towards Covid-19 and support governments and mobile development industries in creating safe and privacy conserving apps for contact tracing solutions. © 2021. All Rights Reserved.
Citations
More filters
Journal ArticleDOI
TL;DR: In this paper , the authors proposed milliTRACE-IR, a joint mmWave radar and infrared imaging sensing system performing unobtrusive and privacy preserving human body temperature screening and contact tracing in indoor spaces.
Abstract: Social distancing and temperature screening have been widely employed to counteract the COVID-19 pandemic, sparking great interest from academia, industry and public administrations worldwide. While most solutions have dealt with these aspects separately, their combination would greatly benefit the continuous monitoring of public spaces and help trigger effective countermeasures. This work presents milliTRACE-IR, a joint mmWave radar and infrared imaging sensing system performing unobtrusive and privacy preserving human body temperature screening and contact tracing in indoor spaces. milliTRACE-IR combines, via a robust sensor fusion approach, mmWave radars and infrared thermal cameras. It achieves fully automated measurement of distancing and body temperature, by jointly tracking the subjects’s faces in the thermal camera image plane and the human motion in the radar reference system. Moreover, milliTRACE-IR performs contact tracing: a person with high body temperature is reliably detected by the thermal camera sensor and subsequently traced across a large indoor area in a non-invasive way by the radars. When entering a new room, a subject is re-identified among several other individuals by computing gait-related features from the radar reflections through a deep neural network and using a weighted extreme learning machine as the final re-identification tool. Experimental results, obtained from a real implementation of milliTRACE-IR, demonstrate decimeter-level accuracy in distance/trajectory estimation, inter-personal distance estimation (effective for subjects getting as close as 0.2 m), and accurate temperature monitoring (max. errors of 0.5 °C). Furthermore, milliTRACE-IR provides contact tracing through highly accurate (95%) person re-identification, in less than 20 seconds.

3 citations

Posted Content
TL;DR: In this paper, a joint mm-wave radar and infrared imaging sensing system is proposed to perform unobtrusive and privacy preserving human body temperature screening and contact tracing in indoor spaces.
Abstract: In this work, we present milliTRACE-IR, a joint mm-wave radar and infrared imaging sensing system performing unobtrusive and privacy preserving human body temperature screening and contact tracing in indoor spaces. Social distancing and fever detection have been widely employed to counteract the COVID-19 pandemic, sparking great interest from academia, industry and public administrations worldwide. While most solutions have dealt with the two aspects separately, milliTRACE-IR combines, via a robust sensor fusion approach, mm-wave radars and infrared thermal cameras. The system achieves fully automated measurement of distancing and body temperature, by jointly tracking the faces of the subjects in the thermal camera image plane and the human motion in the radar reference system. It achieves decimeter-level accuracy in distance estimation, inter-personal distance estimation (effective for subjects getting as close as 0.2 m), and accurate temperature monitoring (max. errors of 0.5 C). Moreover, milliTRACE-IR performs contact tracing: a person with high body temperature is reliably detected by the thermal camera sensor and subsequently traced across a large indoor area in a non-invasive way by the radars. When entering a new room, this subject is re-identified among several other individuals with high accuracy (95%), by computing gait-related features from the radar reflections through a deep neural network and using a weighted extreme learning machine as the final re-identification tool.

3 citations

TL;DR: In this paper , a hybrid approach was proposed to design and implement query spelling error detection and correction (SEDC) for Tigrigna information retrieval (IR), which is fast and robust to achieve better performance.
Abstract: Received Jun 6, 2022 Revised Sep 4, 2022 Accepted Sep 26, 2022 This paper proposes a hybrid approach to design and implement query spelling error detection and correction (SEDC) for Tigrigna information retrieval (IR). Our approach, which is the main contribution to this work, is fast and robust to achieve better performance and also helps the users to easily insert their corrected queries to retrieve relevant information from the IR. This is achieved by combining the normalized measure of bigram overlap using the Jaccard coefficient (J.C) technique, a dynamic programming algorithm for edit distance, and probability of occurrence, which were used to make suggestions for the misspelt words. Our approach was evaluated on the SEDC subtasks separately. It achieved an F-measure of 98.85% on the spelling error detection subtask and an accuracy of 95.36% on the spelling error correction subtask. Thus, a comparison was conducted between our approach and the existing Tigrigna spell checker. It is found that our approach outperformed the existing spell checker and shows a 5.36% improvement in accuracy. This is by far the most promising result with regard to correcting the misspelt users’ queries and improving the overall performance of the IR.
Proceedings ArticleDOI
01 Jan 2022
TL;DR: It is found that privacy concerns, tech unawareness, app requisites, and mistrust can reduce the users’ willingness to use CTAs, and ways to foster public trust and meet users' privacy expectations are presented to support CTA’s adoption.
Abstract: —Contact Tracing Apps (CTAs) have been developed and deployed in various parts of the world to track the spread of COVID-19. However, low social acceptance and the lack of adoption can impact CTA effectiveness. Prior work primarily focused on the privacy and security of CTAs, compared different models, and studied their app design. However, it remains unclear (1) how CTA privacy is perceived by end-users; (2) what reasons behind low adoption rates are, and (3) what the situation around the social acceptability of CTAs is. In this paper, we investigate these aspects by surveying 80 participants (40 from Australia, 40 from France). Our study reveals interesting results on CTA usage, experiences, and user perceptions. We found that privacy concerns, tech unawareness, app requisites, and mistrust can reduce the users’ willingness to use CTAs. We conclude by presenting ways to foster public trust and meet users’ privacy expectations that in turn support CTA’s adoption.
Journal ArticleDOI
TL;DR: CoAvoid is a decentralized, privacy-preserved contact tracing system that features good dependability and usability, and can reduce upload data by at least 90% and simultaneously resist wormhole and replay attacks in various scenarios.
Abstract: To fight against infectious diseases (e.g., SARS, COVID-19, Ebola, etc.), government agencies, technology companies and health institutes have launched various contact tracing approaches to identify and notify the people exposed to infection sources. However, existing tracing approaches can lead to severe privacy and security concerns, thereby preventing their secure and widespread use among communities. To tackle these problems, this paper proposes CoAvoid, an edge-based, privacy-preserved contact tracing system that features good dependability and usability. CoAvoid leverages the Google/Apple Exposure Notification (GAEN) API to achieve decent device compatibility and operating efficiency. It utilizes Bluetooth Low Energy (BLE) to detect close contact with other people and leverages GPS with fine-grained matching algorithms to verify user information. In addition, to enhance privacy protection, CoAvoid applies fuzzification and obfuscation measures to shelter sensitive data, making both servers and users agnostic to information of both low and high-risk populations. The evaluation demonstrates good efficacy and security of CoAvoid. Compared with four state-of-the-art contact tracing applications, CoAvoid can reduce the size of upload data by at least 90% and reduce the verification time by 92%. More importantly, CoAvoid can preserve user privacy and resist replay and wormhole attacks in all analysis scenarios.
References
More filters
Proceedings ArticleDOI
11 Jul 2012
TL;DR: It is found that current Android permission warnings do not help most users make correct security decisions, however, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension.
Abstract: Android's permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application's permission requests and cancel the installation if the permissions are excessive or objectionable. We examine whether the Android permission system is effective at warning users. In particular, we evaluate whether Android users pay attention to, understand, and act on permission information during installation. We performed two usability studies: an Internet survey of 308 Android users, and a laboratory study wherein we interviewed and observed 25 Android users. Study participants displayed low attention and comprehension rates: both the Internet survey and laboratory study found that 17% of participants paid attention to permissions during installation, and only 3% of Internet survey respondents could correctly answer all three permission comprehension questions. This indicates that current Android permission warnings do not help most users make correct security decisions. However, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension. We present recommendations for improving user attention and comprehension, as well as identify open challenges.

1,047 citations


"A Study on Contact Tracing Apps for..." refers methods in this paper

  • ...This protocol ensures that the registration procedure for the user's application assign a unique identifier for the device with no Personally identifiable information recording (Felt et al., 2012)....

    [...]

Journal ArticleDOI
TL;DR: This article provides the first comprehensive review of tracing apps' key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability, and presents an overview of many proposed tracing app examples.
Abstract: The recent outbreak of COVID-19 has taken the world by surprise, forcing lockdowns and straining public health care systems COVID-19 is known to be a highly infectious virus, and infected individuals do not initially exhibit symptoms, while some remain asymptomatic Thus, a non-negligible fraction of the population can, at any given time, be a hidden source of transmissions In response, many governments have shown great interest in smartphone contact tracing apps that help automate the difficult task of tracing all recent contacts of newly identified infected individuals However, tracing apps have generated much discussion around their key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability In this article, we provide the first comprehensive review of these much-discussed tracing app attributes We also present an overview of many proposed tracing app examples, some of which have been deployed countrywide, and discuss the concerns users have reported regarding their usage We close by outlining potential research directions for next-generation app design, which would facilitate improved tracing and security performance, as well as wide adoption by the population at large

510 citations


"A Study on Contact Tracing Apps for..." refers background in this paper

  • ...org Figure 1 Architecture of Centralised Contact Tracing App (Ahmed et al., 2020)...

    [...]

  • ...Rather than all chirps, uploading seeds reduces latency and increases the usage of bandwidth (Ahmed et al., 2020)....

    [...]

  • ...• Hybrid Contact Tracing App Architecture The database handles all the difficult operations in the centralized framework, e.g. TempID analyses, encoding, decoding, risk assessment, and at-risk contact alert notifications....

    [...]

  • ...The purpose for an intrusion according to (Ahmed et al., 2020) is differs and therefore can vary from political, religious, to monetary....

    [...]

  • ...344 http://www.webology.org • Decentralized Contact Tracing App Architecture Unlike centralized architecture, decentralized framework does not require users of the app to pre-register before they can use the app, thereby preventing any personally identifiable information being stored within the database....

    [...]

Proceedings ArticleDOI
16 Apr 2012
TL;DR: The investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks, and clearly shows the need for better regulating the way ad libraries are integrated in Android apps.
Abstract: In recent years, there has been explosive growth in smartphone sales, which is accompanied with the availability of a huge number of smartphone applications (or simply apps). End users or consumers are attracted by the many interesting features offered by these devices and the associated apps. The developers of these apps are also benefited by the prospect of financial compensation, either by selling their apps directly or by embedding one of the many ad libraries available on smartphone platforms. In this paper, we focus on potential privacy and security risks posed by these embedded or in-app advertisement libraries (henceforth "ad libraries," for brevity). To this end, we study the popular Android platform and collect 100,000 apps from the official Android Market in March-May, 2011. Among these apps, we identify 100 representative in-app ad libraries (embedded in 52.1% of them) and further develop a system called AdRisk to systematically identify potential risks. In particular, we first decouple the embedded ad libraries from host apps and then apply our system to statically examine the ad libraries, ranging from whether they will upload privacy-sensitive information to remote (ad) servers or whether they will download untrusted code from remote servers. Our results show that most existing ad libraries collect private information: some of them may be used for legitimate targeting purposes (i.e., the user's location) while others are hard to justify by invasively collecting the information such as the user's call logs, phone number, browser bookmarks, or even the list of installed apps on the phone. Moreover, additional ones go a step further by making use of an unsafe mechanism to directly fetch and run code from the Internet, which immediately leads to serious security risks. Our investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks. These results clearly show the need for better regulating the way ad libraries are integrated in Android apps.

510 citations

Posted Content
TL;DR: This document is a response to some of the privacy characteristics of direct contact tracing apps like TraceTogether and an early-stage Request for Comments to the community to encourage community efforts to develop alternative effective solutions with stronger privacy protection for the users.
Abstract: Contact tracing is an essential tool for public health officials and local communities to fight the spread of novel diseases, such as for the COVID-19 pandemic. The Singaporean government just released a mobile phone app, TraceTogether, that is designed to assist health officials in tracking down exposures after an infected individual is identified. However, there are important privacy implications of the existence of such tracking apps. Here, we analyze some of those implications and discuss ways of ameliorating the privacy concerns without decreasing usefulness to public health. We hope in writing this document to ensure that privacy is a central feature of conversations surrounding mobile contact tracing apps and to encourage community efforts to develop alternative effective solutions with stronger privacy protection for the users. Importantly, though we discuss potential modifications, this document is not meant as a formal research paper, but instead is a response to some of the privacy characteristics of direct contact tracing apps like TraceTogether and an early-stage Request for Comments to the community. Date written: 2020-03-24 Minor correction: 2020-03-30

344 citations


"A Study on Contact Tracing Apps for..." refers methods in this paper

  • ...To this end, we apply the ideas used by (Cho et al., 2020) since these notions tend to always be a common to every techniques and applicable to development of methods for contact tracing (Spensky et al., 2016)....

    [...]