Please disable your adblock and script blockers to view this page

College contact-tracing app readily leaked personal data, report finds


Albion College
Aura
iOS
Apple
Google
TechCrunch
QR
ID
permission."TechCrunch
Nucleus Careers
Oakland University
BioButton
Politico
the University of Alabama
Bluetooth
The Washington Post
Temple University
the Ars Orbital Transmission
CNMN Collection WIRED Media Group
Condé Nast


Kate Cox
Ars

No matching tags

No matching tags

No matching tags


Michigan
Android

No matching tags

Positivity     37.00%   
   Negativity   63.00%
The New York Times
SOURCE: https://arstechnica.com/tech-policy/2020/08/college-contact-tracing-app-readily-leaked-personal-data-report-finds/
Write a review: Ars Technica
Summary

Unfortunately, researchers have already found two major vulnerabilities in the app that can expose students' personal and health data.Albion College informed students two weeks before the start of the fall term that they would be required to install and run the contact tracing app, called Aura.Exposure notification apps being deployed by states, based on the iOS and Android framework that Apple and Google announced earlier this year, are designed to minimize harms to privacy. In addition to tracking students' COVID-19 status, the app will also lock a student's ID card and revoke access to campus buildings if it detects that a student has left campus "without permission."TechCrunch used a network analysis tool to discover that the code was not generated on a device but rather on a hidden Aura website—and that TechCrunch could then easily change the account number in the URL to generate new QR codes for other accounts and receive access to other individuals' personal data.A student at Albion, looking into the app's source code, also found hard-coded security keys for the app's backend servers. Schools can require students to download and install apps in a way that health officials cannot with the general population—although, as Politico notes, students' participation and compliance may be less than full and enthusiastic, particularly when it comes to disclosing contacts who may have been drinking while underage.COVID-19 lends an aura of urgency to the matter, but invasive location tracking on college campuses is not new.

As said here by Kate Cox