
NITB rejects errors, privacy issues pertaining to govt’s COVID-19 App

  • A statement issued by NITB’s CEO Shabahat Ali Shah said that the user has highlighted a number of issues pertaining to the app including privacy issues, hardcoded passwords, and insecure connections.
Updated 10 Jun 2020

The National Information Technology Board (NITB) has responded to the issues highlighted by a social media user pertaining to the recently launched COVID-19 Gov PK mobile app.

A statement issued by NITB’s CEO Shabahat Ali Shah said that the user has highlighted a number of issues pertaining to the app including privacy issues, hardcoded passwords and insecure connections.

The development comes after a social media user, who analyzed the app in detail, uncovered various privacy concerns and security vulnerabilities. The user stated that the official mobile application does not work properly and provides irrelevant and misguided information.

He maintained, "It's not a contact tracing app. It gives access to dashboards for each province and state, you can do a self-assessment, get radius alert, get a popup notification reminding the user of their personal hygiene."

Responding to this issue, the NITB said that the app, which was created to curb the spread of the coronavirus pandemic, uses 'a very limited personal information' and does not show the ‘exact coordinates’ of the infected person.

“Instead it shows radius parameter that is fixed by default at 10 meters for self declared patients and 300 meters at a quarantine location. Hence, self declared patients have given their consent to reveal their coordinates for the safety of the citizens. Moreover, they have accepted our app privacy policy terms/conditions,” maintained NITB.

To the second issue raised by the social media user regarding hardcoded passwords, NITB said that there is no user login mechanism present in the app. “Therefore, use of login and passwords are not part of the app workflow.”

NITB elaborated that what the screenshot presents as a hardcoded password is a defined keyword meant to give more security to the auth-token endpoint, so that the endpoint can only be used from mobile apps.

Earlier, a social media user highlighted this issue saying, "when you open the app, it asks a token to the pak gov server with hardcoded credentials: CovidAppUser / [email protected]#890#. Because hardcoded credentials seems to be a thing in Pakistan, when the app requests the position of infected people on the map, they used another hardcoded creds: ApiUser / [email protected]#,".

The social media user further stated that the first request made by the app is an insecure request. "In the "Radius Alert" tab you can get a map of infected people. Ofc, the exact coordinates of infected people are downloaded by the app."

To this, the NITB responded that all its APIs communicate using HTTPS. “Hence security and protection of data of users as per international standards is of prime importance and implemented at the core.”
