Mobile, News

The CEO of NITB has clarified the flase claims made for COVID-19 mobile app

Avatar Written by Naima Rabbie ·  1 min read >

The CEO of National IT board Shabahat Ali Shah has clarified the allegations made against the COVID-19 mobile app generated by the government of Pakistan. Shabahat Ali is leading Pakistan’s digital automation, entrepreneurship, and eGovernance said: “I have personally looked into the matter, and the findings are shared with the social; media users to make the facts right.”

He further stated:” Recently, a thread on social media has brought under my attention, where a COVID-19 application user claimed that he analyzed our app and identified following issues including privacy issues, hardcoded passwords and insecure connections.”

According to Sabahat user login mechanism is not present in the app, that is why the use of login and passwords are not part of the application workflow. He also claimed that the shared screenshot of a hardcoded password is the end keyword that would give more security to the token endpoint, so that endpoint can only be utilized on the phone apps.

See also: A french cyber expert discovered serious vulnerabilities in COVID-19 government app

As per the CEO, all API utilizes HTTPS that s why the data protection and cybersecurity of the users are observed as per the international standards. The NITB CEO said:” We have been successful and are striving to improve the quality of the information that is being disseminated from our Application.” He also believed that any critical criticism made by the third party is always appreciated and acknowledged.

The main purpose of the app is to prevent the coronavirus from spreading at an exponential rate. The app does not show the exact information of the affected patients rather it displays radius parameters that are corrected automatically by 10 Meters for the patients that are in self-isolation. The self-isolated patients have given consent to share their coordinates for the sake of the safety of other people.