Yesterday a French hacker tweeted about the severe vulnerabilities that one of the mobile apps created by the Pakistan Government possess. The mobile app is designated as COVID-19 Gov PK and was created to give an insight regarding the current situation of the patients. The stats of each province can be traced easily via the dashboard of the app and besides that, users can also access some hands-on features that could help in avoiding the disease.
1/ Yesterday night, I analysed “COVID-19 Gov PK”, the official #Covid19 mobile app made by the Pakistani government. Hardcoded passwords, insecure connections, privacy issues, … nothing is ok with this app.
Want to see this horror? Follow me ⬇️ pic.twitter.com/cpdf5ezoFM
— Elliot Alderson (@fs0c131y) June 9, 2020
Other features fo the app includes Pop up notification for self-hygiene, Radius Alert, Self-Assessment, and much more. According to the tweets by Elliot Alderson, the app is facing some serious development issues like insecure connection, Hardcoded passwords, privacy issues, and much more.
As per his findings, the app has been downloaded over 450k by the citizens of Pakistan and has many hidden development flaws that can expose the private information of the users without hassle. Elliot also briefly said that issues like hardcoded passwords, insecure requests, and privacy issues should be corrected by the developers as early as possible otherwise it can lead to serious consequences.
Even though one of the most prominent features that MoIT proudly presented on the launch of this app “The Radius Alert” people are now questioning the IT ministry for breaching the privacy of coronavirus patients because of it. Radius alert basically tells us about the infected patients nearby but it is also exposing the secrecy of the people.
So far over 113,702 people have been diagnosed with coronavirus. in which 2255 people have lost their lives fighting against the deadly virus. Not just that the situation seems to get worse with each passing day. Therefore people are heavily relying on the government generated apps regarding COVID-19. if apps like these halt the cybersecurity then it will be another bigger problem that users have to go through.