Preventing Faked Proximity

Fri 15 May 2020 By Richard Taylor

Category: Threats, MitM Attack, API Abuse, API Security, Healthcare

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup.

Read More

UK Contact Tracing App Privacy Risks

Tue 05 May 2020 By Richard Taylor

Category: Threats, Mobile App Development, API Security, Healthcare

More details of the UK's controversial NHSX contact tracing app are being released as the app starts a wider scale trial on the Isle of Wight this week. NHSX is a digital transformation group associated with the UK National Health Service.

Why controversial? There are many reasons, some to do with how the app development was initially procured, but also specifically from a technical perspective as the UK has opted for a centralised contact tracing approach rather than the decentralised model being championed by Apple and Google amongst others (including ourselves).

Read More

Protecting Personal Information & Sensitive Data In Mobile Health Apps

Mon 20 April 2020 By David Stewart

Category: Account Hijacking, Mobile App Authentication, Scrapers, Bots, API Security, Healthcare

Recent years have seen a move towards cloud platforms and mobile health apps for citizens -- applications and data processing systems that enable ordinary people to interact with their health providers, make appointments with medical professionals, order prescriptions, and gain on-demand access to their medical records. The ongoing COVID-19 pandemic is putting greater emphasis on this trend, as citizens clamour for the latest news, advice, and best practices, while government and health organisations look to digital technologies to help them develop treatment protocols, track the progress of the virus spread, and monitor the condition of all those affected.

Read More

Contact Tracing Apps: Privacy vs. Security?

Thu 16 April 2020 By Richard Taylor

Category: Mobile App Authentication, Threats, API, API Abuse, API Security, Healthcare

Photo by Fusion Medical Animation on Unsplash

Last Friday, there was an unusual joint announcement from Apple and Google providing details of a new phone API for Covid-19 contact tracing via Bluetooth. The protocol allows mobile phones to continually transmit Bluetooth advertisements to one another. This includes a proximity identifier derived from randomly generated keys that can be held secretly on each device. If a phone user is later diagnosed with Covid-19, they are able to upload the daily tracing keys for those days when they might have been infectious. 

Read More

Page 1 of 1