The government of Pakistan had introduced a special application (app) to spread awareness about the Corona virus epidemic, release epidemic data and make the general public access to other information related to the epidemic.
While the government had introduced a website related to Corona, a mobile application called (Covid-19 Gov PK) was also introduced.
For the first time, users of the app request that the app give them access to data to keep track of Corona patients living between 30 and 300 meters away.
The application also allows the Corona patient to highlight their location so that other people can keep track of them.
The app also has many other features, but a French security researcher working on application security has claimed that the app developed by the government of Pakistan has several security flaws.
According to the Dawn newspaper, Baptiste Robert, a French security researcher, pointed out the security flaws of the Pakistani government's 'Corona App' in a series of tweets on his Twitter account.
The foreign researcher claimed that proper security arrangements were not made to secure the 'Corona app', the app does not work under unencrypted passwords and architects due to which it has several security flaws.
Also read: Introducing the mobile app to defeat the Corona virus
According to French cybersecurity researchers, security vulnerabilities allow hackers to gain access to users' passwords and data.
He explained to Dawn that the data and passwords of the mobile application are connected to the server and that there are security vulnerabilities in its server. Can access data.
The French security expert pointed out several security flaws in the Corona app in his tweets and claimed that hackers could be able to access the data of users using the app.
The government rejected the claims after a French security researcher pointed out security flaws in the application.
Shabahat Ali Shah, chief executive officer (CEO) of the National Information Technology Board (NITB), the state-run application maker, dismissed the French researcher's claims in a statement, saying the app was safe.
He wrote in an explanatory statement that the app does not identify the person infected with the corona but rather its immediate location, and that the feature works only with the permission of people who voluntarily declare themselves corona patients. Is.
He also dismissed the French researcher's concerns regarding passwords, saying that the security features of the mobile app have been kept up to international standards.
He wrote that the mobile app has upheld the values of ethics, sociality, harmony and privacy in terms of collecting user records.
Shabahat Ali Shah acknowledged that there was scope for security improvements in the mobile app and the government would welcome any corrective criticism, adding that he would release a report on the audit of the application.
After the claims of the French researcher and the rejection of these claims by the government, the independent organizations monitoring the security of the application also pointed out the security flaws in the app.
The government's Corona app uses unencrypted data, allowing any hacker to hack users' accounts, according to the Swiss application security firm AmmonieWeb.
Khadija Shah of Bolo Bhi Pakistani also said that the review of the app shows that the privacy and privacy of the users is not very important.
Following the identification of security flaws in the Corona app, an organization called the Digital Rights Foundation has called on the government to share information about the app and privacy policy.
