Govt's Covid-19 mobile app riddled with errors, privacy issues

(Karachi) A mobile application, COVID-19 Gov PK, launched by the government to keep people updated about coronavirus situation in the country is riddled with errors, privacy issues and insecure connections.

A social media user, who analyzed the app in detail, has uncovered various privacy concerns and security vulnerabilities. He stated that the official mobile application does not work properly and provides irrelevant and misguided information.

He said the app is available on Google Playstore and has been downloaded 500,000 times. He maintained, "It's not a contact tracing app. It gives access to dashboards for each province and state, you can do a self-assessment, get radius alert, get a popup notification reminding the user of their personal hygiene."

"When you open the app, it asks a token to the pak gov server with hardcoded credentials: CovidAppUser / CovidApi!@#890#. Because hardcoded credentials seems to be a thing in Pakistan, when the app requests the position of infected people on the map, they used another hardcoded creds: ApiUser / ApiUser@1234#," he mentioned.

He elaborated that the first request made by the app is an insecure request. "In the "Radius Alert" tab you can get a map of infected people. Ofc, the exact coordinates of infected people are downloaded by the app," the user said.

He concluded that it is the worst mobile app with issues related to privacy, hardcoded passwords and insecure requests.

The cellular application has been developed by National Information Technology Board (NITB) to deal with coronavirus pandemic in the country with the help of technology.

The app has been designed to provide awareness to citizens about all the actions to be taken for the prevention of coronavirus.

The application currently contains four different functions such as dashboard for current status of COVID-19, alarms for washing hands, chatbot for awareness of COVID-19 and WHO videos for prevention of the disease.