Quick set up for BugCrowd Security Researchers on the PathCheck GPS Solution

This page is targetted at security researchers with BugCrowd, analyzing the secrurity of our GPS Solution.

You can download the PathCheck SafePlaces app from the iOS App Store or Google Play Store.

Once you download the app, it will only offer you the opportunity to register with, and share data with, our production Health Departments.

For BugCrowd, we have set up a dedicated instance of our Safe Places server:

• https://bugcrowd.spl.extremesolution.com/login

• (see the BugCrowd website for login credentials).

To connect the App to this instance, you need to take the following steps:

• On the “More” tab (“…”) got to the “About” page

• Tap about 10 times on the text that says “PathCheck GPS” until you see a pop-up that says “Feature Flags enabled”

• Press Back to return to the “More” tab

• You’ll see a new menu “Feature Flags (Developer)” - enter that menu

• Enable “Custom Yaml URL”

• Now move to the Health Departments tab (symbol for this tab is a nurse’s hat with a cross on it).

• Choose “View your Health Departments”

• Choose “Manually Add Via URL”

• Enter this URL:

• https://raw.githubusercontent.com/Path-Check/trusted-authorities/master/staging/bugcrowd.1.0.1.yaml

• Press “Add”

On the “Health Departments” and Location History Sharing pages, there will now be a new Health Department available, called Testing (BugCrowd). You can choose to share data with this server, and you can download exposure data from this server.

PLEASE NOTE: any location data you share to this server will also be accessible to other Security Researchers using the BugCrowd server. If you don’t want to share your true location, we recommend you use an emulated device to avoid revealing your true GPS co-ordinates.

For more resources on the function & capabilities of the GPS solution, please look at the articles here: https://pathcheck.atlassian.net/wiki/spaces/TEST/pages/226689031 and elsewhere in this space.