...
We know we have issues with Security & Privacy vs. where we want to get to - e.g. data stored unencrypted on users' phones. This is a concern given that the app may become widely used to store personal data in the US & elsewhere due to the profile of the project. Our Privacy-first messaging & non-profit status + MIT backing mean that users will be inclined to trust us by default.
Risks therefore include…
Personal data breaches
Published analyses of security deficiencies by hackers/journalists
Reputational damage from both of the above.
Manipulation of naive users. Is there a risk that naive users could be manipulated into sharing their location data with organizations other than Healthcare Agencies? Can / should we do more to discourage / prevent this?
Exposure to fake sources of COVID-19 data. Having provided an app that consumes a certain kind of data, but not provided the data itself (the HAs), do we encourage unscrupulous 3rd parties to fill that gap with fake data?
Exposure to possible JSON injection attacks. We have not fuzz / security tested the HA JSON interface.
Risk of high mobile data bills in the event users are persuaded to download data from an unscrupulous 3rd party who offers a very large JSON file. No known limit to the amount the app will try to download, and it may do so over a mobile data network.
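The two JSON risks above (an untested HA JSON interface and no limit on download size) are usually handled together at the point where the feed is read. The following is an added example, not code from the app: the size limits are assumptions and the field names `authority_name` and `concern_points` are hypothetical stand-ins for whatever the HA format defines.

```javascript
// Added example. Limits are assumptions; field names are hypothetical.
const MAX_BYTES = 1024 * 1024; // assumed cap on feed size (1 MiB)
const MAX_POINTS = 50000;      // assumed cap on number of points

// Accumulate streamed chunks and abort as soon as the cap is passed, so an
// oversized file is never fully downloaded or buffered. Uses Node's Buffer.
function collectCapped(chunks, maxBytes = MAX_BYTES) {
  const parts = [];
  let total = 0;
  for (const chunk of chunks) {
    total += chunk.length;
    if (total > maxBytes) throw new Error("feed exceeds size cap");
    parts.push(chunk);
  }
  return Buffer.concat(parts);
}

// Number.isFinite is false for strings, null, NaN and Infinity.
const inRange = (v, lo, hi) => Number.isFinite(v) && v >= lo && v <= hi;

// Parse, type-check every field, and copy only the expected fields into
// fresh objects so unexpected keys never reach storage or the UI.
function parseFeed(bytes) {
  const doc = JSON.parse(Buffer.from(bytes).toString("utf8")); // throws on bad JSON
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    throw new Error("feed root must be an object");
  }
  const { authority_name: name, concern_points: raw } = doc;
  if (typeof name !== "string" || name.length === 0 || name.length > 200) {
    throw new Error("bad authority_name");
  }
  if (!Array.isArray(raw) || raw.length > MAX_POINTS) {
    throw new Error("bad concern_points");
  }
  const points = raw.map((p) => {
    const ok = p !== null && typeof p === "object" &&
      inRange(p.latitude, -90, 90) && inRange(p.longitude, -180, 180) &&
      Number.isSafeInteger(p.time) && p.time >= 0;
    if (!ok) throw new Error("bad concern point");
    return { latitude: p.latitude, longitude: p.longitude, time: p.time };
  });
  return { authority_name: name, points };
}

// Constructed sample feed, delivered in two chunks as a stream would.
const SAMPLE = Buffer.from(JSON.stringify({ authority_name: "Example HA",
  concern_points: [{ latitude: 18.54, longitude: -72.34, time: 1586000000000, note: "x" }] }));
const parsed = parseFeed(collectCapped([SAMPLE.subarray(0, 20), SAMPLE.subarray(20)]));
console.log(parsed.points.length, "point(s) accepted from", parsed.authority_name);
```

The same two functions are a natural fuzzing target: feed them mutated copies of a valid file and check that every input either parses into the narrow output shape or throws.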
Upgrade
We have not tested upgrade from this release to a future release. Therefore we don’t know that this app is upgradeable-from without loss of data.
Upgrade which changes data format (e.g. encrypts data) may be particularly problematic in future.
...
#516 - We expect quite a few issues around false negatives in scenarios where both parties are moving > 10m / minute (i.e. anything but stationary). This is due to the tight 20m radius for detection, and the likelihood that the phones' timers for logging GPS data will be out of sync. This is a theoretical problem: we have not yet established how much of a problem this is in realistic scenarios.
Issues when no network connectivity??? Not tested.
New defects found testing the latest app.
### to be completed.
Check that Haitian Creole text at least fits on all screens, headings etc.
New function: Select Health Authority during setup
...
We have not tested the translation with a native speaker. Therefore we do not know whether there are issues with context, quality of translation, mis-spellings etc.
Haitian Creole has not been tested with a wide range of screen form factors. Therefore there is a risk that some text or headings do not fit the available space on some smaller devices.
When changing language, it is very easy to get into a confusing state where the dashboard shows the wrong language. It is then not possible to get out of this state. This is raised in https://github.com/tripleblindmarket/covid-safe-paths/issues/609, but the bug report is not clear about how easy the state is to hit or how hard it is to escape from.
...
Issues believed to be non-impactful
The app cannot be installed on multiple user accounts on a single device.
Minor cosmetic issues
Top of text trimmed in setup pages #
Wrong shade of white in HA page #620
Off center ripple on some phones: #617
Some text doesn’t fit available space on some smaller phones #618 (not known if similar issues exist in Haitian Creole as not tested on many different sized screens)
The app always has a permanent notification, which cannot be dismissed. #473
Unknowns
Reliability of location logging. We have seen this spontaneously stop on occasions. We have not systematically tested for this yet, so there may still be weaknesses here.
...