Source code analysis reveals seven security holes in UK contact tracing app
Credit:
9-to-5 Mac
Analysis of the source code for the UK contact tracing app has revealed no fewer than seven security flaws.
One of these is that the random code assigned to users is only changed once a day, making it much easier to de-anonymize individuals …
This contrasts with the Apple/Google API, which assigns a new random code every 15 minutes. The British government bowed to pressure from privacy advocates to make the source code available so that claims about the security safeguards could be independently verified. Two cybersecurity academics have now completed their review of the code, and their report highlights what they describe as ‘serious’ security flaws.