timb-machine/nhsx-contact-tracing-app
Tracker for independent privacy and security analysis of NHSX Contact Tracing application
Creative Commons Zero v1.0 Universal
8 stars, 2 forks
issues
#37 Traffic can be profiled via side channels (timb-machine, opened 4 years ago, 0 comments)
#36 Technical vulnerabilities remain unresolved (timb-machine, opened 4 years ago, 0 comments)
#35 Sensitive data stored in the device in clear (javixeneize, opened 4 years ago, 6 comments)
#34 Certificate pinning can be bypassed (and keys disclosed) (javixeneize, opened 4 years ago, 2 comments)
#33 List of temporary ID usage (timb-machine, opened 4 years ago, 0 comments)
#32 Temporary reference IDs allow indirect access to backend (timb-machine, opened 4 years ago, 0 comments)
#31 Where is the Equalities and Health Inequalities Impact Assessment? (timb-machine, opened 4 years ago, 1 comment)
#30 Data cannot be deleted from backend without Sonar ID (timb-machine, opened 4 years ago, 0 comments)
#29 Broadcast value static for 24 hour intervals (timb-machine, opened 4 years ago, 1 comment)
#28 No server authentication (marksteward, opened 4 years ago, 1 comment)
#27 List of cryptographic primitives (timb-machine, opened 4 years ago, 0 comments)
#26 Has efficacy of proximity measurement based on ultrasound been considered or analysed? (timb-machine, opened 4 years ago, 0 comments)
#25 Future-proofing (marksteward, opened 4 years ago, 0 comments)
#24 Incomplete threat model (timb-machine, opened 4 years ago, 0 comments)
#23 List of trusted third parties (marksteward, opened 4 years ago, 6 comments)
#22 Source quality (timb-machine, opened 4 years ago, 1 comment)
#21 List of on-device database schemas (timb-machine, opened 4 years ago, 0 comments)
#20 Links to resources over HTTP (timb-machine, opened 4 years ago, 1 comment)
#19 uk.nhs.nhsx.sonar.android.app.exports content provider may allow data to be extracted (timb-machine, opened 4 years ago, 0 comments)
#18 Software bill of materials (timb-machine, opened 4 years ago, 0 comments)
#17 Lack of clarity on who owns the master key from an operational standpoint (timb-machine, opened 4 years ago, 0 comments)
#16 Concerns over choice of Bouncy Castle crypto (timb-machine, opened 4 years ago, 1 comment)
#15 Where is the Data Protection Impact Assessment? (timb-machine, opened 4 years ago, 3 comments)
#14 Insufficient and inappropriate guidance on vulnerability disclosure (timb-machine, closed 4 years ago, 1 comment)
#13 File hashes (timb-machine, opened 4 years ago, 0 comments)
#12 Build quality (timb-machine, opened 4 years ago, 0 comments)
#11 Lack of clarity on who owns the data from an operational standpoint (timb-machine, opened 4 years ago, 0 comments)
#10 Lack of clarity on who owns the source code from an operational standpoint (timb-machine, opened 4 years ago, 0 comments)
#9 Has the solution been subject to an ITHC? (timb-machine, opened 4 years ago, 4 comments)
#8 Android permissions requested (timb-machine, opened 4 years ago, 1 comment)
#7 Microsoft powered AppCenter Analytics system (timb-machine, opened 4 years ago, 1 comment)
#6 Bluetooth tracing may not offer sufficient fidelity (timb-machine, opened 4 years ago, 0 comments)
#5 Potential gaps in user stories (timb-machine, opened 4 years ago, 0 comments)
#4 Google powered FireBase notification system (timb-machine, opened 4 years ago, 0 comments)
#3 Source code not available (yet ;)) (timb-machine, closed 4 years ago, 2 comments)
#2 Centralised authority (timb-machine, opened 4 years ago, 0 comments)
#1 Single master key (timb-machine, opened 4 years ago, 0 comments)