• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

早期部署的新冠病毒接触者追踪安卓应用程序的隐私与安全分析

A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps.

作者信息

Hatamian Majid, Wairimu Samuel, Momen Nurul, Fritsch Lothar

机构信息

Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne, UK.

Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden.

出版信息

Empir Softw Eng. 2021;26(3):36. doi: 10.1007/s10664-020-09934-4. Epub 2021 Mar 19.

DOI:10.1007/s10664-020-09934-4
PMID:33776548
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC7978168/
Abstract

As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users' privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code's privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users' privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps' permission declarations, privacy principles, and privacy policy contents.

摘要

在撰写本文时,严重急性呼吸综合征冠状病毒2(SARS-CoV-2)/冠状病毒病2019(COVID-19)大流行正在全球造成危害和破坏。许多国家旨在通过使用数字接触者追踪应用程序来支持其接触者追踪人员,以管理和控制病毒的传播。他们的想法是自动记录智能手机用户之间的会面,以便更快地处理感染链。截至2020年,已经推出并使用了许多接触者追踪应用程序。关于这些应用程序的隐私和安全方面以及它们可能违反数据保护原则的情况,有很多猜测。因此,这些应用程序的开发者不断受到批评,因为他们破坏了用户隐私,忽视了基本的隐私和安全要求,并且在时间压力下开发应用程序而没有考虑设计时的隐私和安全性。在本研究中,我们从多个角度分析了安卓平台上28款接触者追踪应用程序的隐私和安全性能,包括它们代码的权限、隐私政策中做出的承诺以及静态和动态性能。我们的方法基于收集与这28款应用程序相关的各种类型的数据,即权限请求、隐私政策文本、运行时资源访问以及现有的安全漏洞。基于对这些数据的分析,我们量化并评估了这些应用程序对用户隐私的影响。我们旨在对已在多个大洲部署的最早的接触者追踪应用程序进行快速而系统的检查。我们的研究结果表明,这些应用程序的开发者需要采取更多谨慎措施来确保代码质量,并解决安全和隐私漏洞。他们应该更自觉地遵守关于应用程序权限声明、隐私原则和隐私政策内容的法律要求。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/03db2abbf880/10664_2020_9934_Fig16_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/1c201edb5a5d/10664_2020_9934_Fig1_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/4f074c60f599/10664_2020_9934_Fig2_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/cad5a814b0a5/10664_2020_9934_Fig3_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5402bc8f6c0b/10664_2020_9934_Fig4_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5598432f2d40/10664_2020_9934_Fig5_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/1a24ed5ae09c/10664_2020_9934_Fig6_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/72bb2954dfa6/10664_2020_9934_Fig7_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/c843169aa4c2/10664_2020_9934_Fig8_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/20a96d1e81b2/10664_2020_9934_Fig9_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/8564b0902c6e/10664_2020_9934_Fig10_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/9e9ce9770206/10664_2020_9934_Fig11_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/d56902698f0a/10664_2020_9934_Fig12_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/45c3d6b31a7b/10664_2020_9934_Fig13_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/464d2f58cf37/10664_2020_9934_Fig14_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5e0be657306c/10664_2020_9934_Fig15_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/03db2abbf880/10664_2020_9934_Fig16_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/1c201edb5a5d/10664_2020_9934_Fig1_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/4f074c60f599/10664_2020_9934_Fig2_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/cad5a814b0a5/10664_2020_9934_Fig3_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5402bc8f6c0b/10664_2020_9934_Fig4_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5598432f2d40/10664_2020_9934_Fig5_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/1a24ed5ae09c/10664_2020_9934_Fig6_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/72bb2954dfa6/10664_2020_9934_Fig7_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/c843169aa4c2/10664_2020_9934_Fig8_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/20a96d1e81b2/10664_2020_9934_Fig9_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/8564b0902c6e/10664_2020_9934_Fig10_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/9e9ce9770206/10664_2020_9934_Fig11_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/d56902698f0a/10664_2020_9934_Fig12_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/45c3d6b31a7b/10664_2020_9934_Fig13_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/464d2f58cf37/10664_2020_9934_Fig14_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/5e0be657306c/10664_2020_9934_Fig15_HTML.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/77e3/7978168/03db2abbf880/10664_2020_9934_Fig16_HTML.jpg

相似文献

1
A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps.早期部署的新冠病毒接触者追踪安卓应用程序的隐私与安全分析
Empir Softw Eng. 2021;26(3):36. doi: 10.1007/s10664-020-09934-4. Epub 2021 Mar 19.
2
Data Management and Privacy Policy of COVID-19 Contact-Tracing Apps: Systematic Review and Content Analysis.COVID-19 接触者追踪应用的数据管理和隐私政策:系统评价和内容分析。
JMIR Mhealth Uhealth. 2022 Jul 12;10(7):e35195. doi: 10.2196/35195.
3
State of the Art in Adoption of Contact Tracing Apps and Recommendations Regarding Privacy Protection and Public Health: Systematic Review.接触者追踪应用程序的应用现状以及关于隐私保护和公共卫生的建议:系统评价
JMIR Mhealth Uhealth. 2021 Jun 10;9(6):e23250. doi: 10.2196/23250.
4
Technology, Privacy, and User Opinions of COVID-19 Mobile Apps for Contact Tracing: Systematic Search and Content Analysis.技术、隐私和用户对 COVID-19 移动接触追踪应用程序的看法:系统搜索和内容分析。
J Med Internet Res. 2021 Feb 9;23(2):e23467. doi: 10.2196/23467.
5
Checking Contact Tracing App Implementations with Bespoke Static Analysis.使用定制静态分析检查接触者追踪应用程序的实现情况。
SN Comput Sci. 2022;3(6):496. doi: 10.1007/s42979-022-01357-w. Epub 2022 Sep 28.
6
COVID-19 Contact-Tracing Apps: Analysis of the Readability of Privacy Policies.新冠病毒病接触者追踪应用程序:隐私政策可读性分析
J Med Internet Res. 2020 Dec 3;22(12):e21572. doi: 10.2196/21572.
7
Dissecting contact tracing apps in the Android platform.剖析 Android 平台中的接触者追踪应用。
PLoS One. 2021 May 14;16(5):e0251867. doi: 10.1371/journal.pone.0251867. eCollection 2021.
8
Best Practice Guidance for Digital Contact Tracing Apps: A Cross-disciplinary Review of the Literature.数字接触者追踪应用程序的最佳实践指南:文献的跨学科综述。
JMIR Mhealth Uhealth. 2021 Jun 7;9(6):e27753. doi: 10.2196/27753.
9
Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis.中国健康码应用程序的个人信息保护和隐私政策合规性:量表开发与内容分析。
JMIR Mhealth Uhealth. 2023 Nov 14;11:e48714. doi: 10.2196/48714.
10
Contact Tracing Apps: Lessons Learned on Privacy, Autonomy, and the Need for Detailed and Thoughtful Implementation.接触者追踪应用程序:关于隐私、自主权以及详细且周到实施必要性的经验教训
JMIR Med Inform. 2021 Jul 19;9(7):e27449. doi: 10.2196/27449.

引用本文的文献

1
Mobile Apps for COVID-19: A Systematic Review of Reviews.用于 COVID-19 的移动应用程序:综述的系统评价
Healthcare (Basel). 2024 Jan 8;12(2):139. doi: 10.3390/healthcare12020139.
2
Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis.中国健康码应用程序的个人信息保护和隐私政策合规性:量表开发与内容分析。
JMIR Mhealth Uhealth. 2023 Nov 14;11:e48714. doi: 10.2196/48714.
3
Acceptability and Effectiveness of COVID-19 Contact Tracing Applications: A Case Study in Saudi Arabia of the Tawakkalna Application.

本文引用的文献

1
Applicability of mobile contact tracing in fighting pandemic (COVID-19): Issues, challenges and solutions.移动接触者追踪在抗击疫情(新冠疫情)中的适用性:问题、挑战与解决方案
Comput Sci Rev. 2020 Nov;38:100307. doi: 10.1016/j.cosrev.2020.100307. Epub 2020 Sep 23.
2
Lessons learnt from easing COVID-19 restrictions: an analysis of countries and regions in Asia Pacific and Europe.从放宽 COVID-19 限制中吸取的教训:对亚太地区和欧洲国家和地区的分析。
Lancet. 2020 Nov 7;396(10261):1525-1534. doi: 10.1016/S0140-6736(20)32007-9. Epub 2020 Sep 24.
3
Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing.
新冠疫情接触者追踪应用程序的可接受性与有效性:以沙特阿拉伯的“塔瓦卡尔纳”应用程序为例
Cureus. 2023 Feb 15;15(2):e35041. doi: 10.7759/cureus.35041. eCollection 2023 Feb.
4
The application of industry 4.0 technologies in pandemic management: Literature review and case study.工业4.0技术在疫情管理中的应用:文献综述与案例研究
Healthc Anal (N Y). 2021 Nov;1:100008. doi: 10.1016/j.health.2021.100008. Epub 2021 Oct 21.
5
Checking Contact Tracing App Implementations with Bespoke Static Analysis.使用定制静态分析检查接触者追踪应用程序的实现情况。
SN Comput Sci. 2022;3(6):496. doi: 10.1007/s42979-022-01357-w. Epub 2022 Sep 28.
6
Global Experiences of Community Responses to COVID-19: A Systematic Literature Review.全球应对 COVID-19 社区响应的经验:系统文献回顾。
Front Public Health. 2022 Jul 19;10:907732. doi: 10.3389/fpubh.2022.907732. eCollection 2022.
7
GFCNet: Utilizing graph feature collection networks for coronavirus knowledge graph embeddings.GFCNet:利用图特征收集网络进行冠状病毒知识图谱嵌入
Inf Sci (N Y). 2022 Aug;608:1557-1571. doi: 10.1016/j.ins.2022.07.031. Epub 2022 Jul 14.
量化 SARS-CoV-2 传播表明数字接触者追踪可控制疫情。
Science. 2020 May 8;368(6491). doi: 10.1126/science.abb6936. Epub 2020 Mar 31.
4
Availability and quality of mobile health app privacy policies.移动健康应用隐私政策的可获取性与质量。
J Am Med Inform Assoc. 2015 Apr;22(e1):e28-33. doi: 10.1136/amiajnl-2013-002605. Epub 2014 Aug 21.